rkhunter -- insecure temporary file creation

ID F14AD681-5B88-11DC-812D-0011098B2F36
Type freebsd
Reporter FreeBSD
Modified 2005-04-26T00:00:00


Gentoo reports:

Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux Security Team have reported that the check_update.sh script and the main rkhunter script insecurely creates several temporary files with predictable filenames. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When rkhunter or the check_update.sh script runs, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.