Unrated severityNVD Advisory· Published Jun 8, 2014· Updated May 6, 2026

CVE-2014-3986

Description

include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.

Affected products

Cisofy/Lynis5 versions
cpe:2.3:a:cisofy:lynis:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:cisofy:lynis:*:*:*:*:*:*:*:*range: <=1.5.4
- cpe:2.3:a:cisofy:lynis:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisofy:lynis:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisofy:lynis:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisofy:lynis:1.5.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cisofy.com/files/lynis-1.5.5.tar.gznvd
openwall.com/lists/oss-security/2014/06/05/14nvd
openwall.com/lists/oss-security/2014/06/06/12nvd
openwall.com/lists/oss-security/2014/06/07/3nvd
seclists.org/fulldisclosure/2014/Jun/21nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000