It was reported that the scanner module for the Open Vulnerability Assessment System (OpenVAS) used insecure way for creation of a temporary file, when generating OVAL system characteristics document from the knowledge base data available, with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system, accessible with the privileges of the user running the SLAD daemon and / or the ovaldi OVAL interpreter.
This issue affects the versions of the openvas-scanner package, as shipped with Fedora release of 14 and 15. Please schedule an update (once final upstream patch known).
This issue affects the version of the openvas-scanner package, as present within EPEL-6 repository. Please schedule an update (once final upstream patch known).
Created openvas-scanner tracking bugs for this issue
Affects: epel-6 [bug 736321]
Affects: fedora-all [bug 736322]
This was assigned the name CVE-2011-3351.