Lucene search

FreeBSDF14AD681-5B88-11DC-812D-0011098B2F36

HistoryApr 26, 2005 - 12:00 a.m.

rkhunter -- insecure temporary file creation

2005-04-2600:00:00

vuxml.freebsd.org

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Gentoo reports:

Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux
Security Team have reported that the check_update.sh script and
the main rkhunter script insecurely creates several temporary
files with predictable filenames.
A local attacker could create symbolic links in the temporary
files directory, pointing to a valid file somewhere on the
filesystem. When rkhunter or the check_update.sh script runs,
this would result in the file being overwritten with the rights of
the user running the utility, which could be the root user.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrkhunter< 1.2.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	rkhunter	< 1.2.5	UNKNOWN

References

www.gentoo.org/security/en/glsa/glsa-200504-25.xml

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for F14AD681-5B88-11DC-812D-0011098B2F36