Summary
This host is installed with OVS Scanner and is prone to a privilege escalation vulnerability.
Impact
Successful exploitation allows a local user on a client or server system to gain access to the administrator or root account, thus taking full control of the system.
Impact Level: Application.
Solution
Upgrade to OVS Scanner 4 or later.
For updates, refer to http://www.openvas.org/software.html
Insight
The flaw is due to the application passing a predictable temporary filename to the '-r' parameter of the ovaldi application, which can be exploited to overwrite arbitrary files via symlink attacks.
NOTE: This vulnerability exists only when ovaldi support is enabled.
Affected
OVS Project OVS Scanner 3.2.4
References
Severity
Classification
- CVE: CVE-2011-3351
- CVSS Base Score: 5.1
- CVSS Base Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P