It was reported that the scanner module for the Open Vulnerability Assessment System (OpenVAS) used an insecure way to create a temporary file when generating an OVAL system characteristics document from the knowledge base data available, with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system, accessible with the privileges of the user running the SLAD daemon and / or the ovaldi OVAL interpreter.

References:
[1] http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0057.html
[2] http://secunia.com/advisories/45836/
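The flaw class described in this report, as an added example (not OpenVAS code and not the upstream patch): a fixed temporary file name opened without O_EXCL, beside mkstemp(). The scratch directory and the file names (sc-demo, sc-out.xml, target) are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fixed name, no O_EXCL. open() follows a symlink already planted
 * at `path` and truncates whatever file the link points to. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: mkstemp() fills in the trailing XXXXXX with a random name and
 * opens it with O_CREAT|O_EXCL (mode 0600), so nothing existing is reused. */
static int open_private(char *tmpl) { return mkstemp(tmpl); }

static off_t size_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? st.st_size : -1;
}

/* Runs both patterns in a scratch directory (all names are constructed).
 * Bit 0 set: the weak open truncated the link target.
 * Bit 1 set: the mkstemp open left the target untouched. */
int compare_patterns(void) {
    char dir[] = "/tmp/sc-demo-XXXXXX", target[64], fixed[64], tmpl[64];
    int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(fixed, sizeof fixed, "%s/sc-out.xml", dir);
    snprintf(tmpl, sizeof tmpl, "%s/sc-out-XXXXXX", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9) return -1;
    close(fd);
    if (symlink(target, fixed) != 0) return -1;   /* link planted first */

    if ((fd = open_private(tmpl)) < 0) return -1;
    close(fd);
    if (size_of(target) == 9) result |= 2;

    if ((fd = open_predictable(fixed)) < 0) return -1;
    close(fd);
    if (size_of(target) == 0) result |= 1;
    unlink(tmpl); unlink(fixed); unlink(target); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", compare_patterns()); return 0; }
```

On Linux, the fs.protected_symlinks sysctl additionally restricts following symlinks in sticky world-writable directories such as /tmp, but it does not replace exclusive creation in the program itself.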
This issue affects the versions of the openvas-scanner package as shipped with Fedora releases 14 and 15. Please schedule an update (once the final upstream patch is known).

--

This issue affects the version of the openvas-scanner package as present within the EPEL-6 repository. Please schedule an update (once the final upstream patch is known).
CVE Request: [3] http://www.openwall.com/lists/oss-security/2011/09/07/4
Created openvas-scanner tracking bugs for this issue

Affects: epel-6 [bug 736321]
Affects: fedora-all [bug 736322]
This was assigned the name CVE-2011-3351.