published date: December 31, 2004

CVE-2004-1445 : Race Condition Vulnerability

Description

A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.

Product(s):

Nessus 2.0.10
Nessus 2.0.11
Nessus 2.0.1
Nessus 2.0.2
Nessus 2.0.3
Nessus 2.0.4
Nessus 2.0.5
Nessus 2.0.6
Nessus 2.0.7
Nessus 2.0.8
Nessus 2.0.9
Nessus 2.0
Nessus 2.1.0

CVSS:3.7 [Critical]
EPSS:0.07%
Exploitability:1.9
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2004-1445, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2004-1445 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2004-1445

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales