Nessus: "adduser" race condition vulnerability Nessus contains a vulnerability allowing a user to perform a privilege escalation attack. Nessus 2004-08-12 2006-05-22 58014 local 2.0.12 2.0.11

Nessus is a free and powerful network security scanner.

A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.

A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.

All Nessus users should upgrade to the latest version:

# emerge sync # emerge -pv ">=net-analyzer/nessus-2.0.12" # emerge ">=net-analyzer/nessus-2.0.12" Secunia Advisory CVE-2004-1445 koon jaervosz