include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lynis | Cisofy | * | 1.5.4 |
Lynis | Cisofy | 1.5.3 | 1.5.3 |
Lynis | Cisofy | 1.5.2 | 1.5.2 |
Lynis | Cisofy | 1.5.0 | 1.5.0 |
Lynis | Cisofy | 1.5.1 | 1.5.1 |