Rootkit Hunter rkhunter Symlink Arbitrary File Overwrite

2005-04-26T07:31:36
ID OSVDB:15861
Type osvdb
Reporter Sune Kloppenborg Jeppesen (security@gentoo.org), Tavis Ormandy (taviso@google.com)
Modified 2005-04-26T07:31:36

Description

Vulnerability Description

Rootkit.nl Rootkit Hunter contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the rkhunter script creating temporary files insecurely. A local user can use a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity.
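
The insecure temporary-file pattern described above, next to a hardened form, as an added example (this is not rkhunter's code or its actual fix). The scan.tmp name and the helper functions are constructed for illustration, and everything runs inside a private sandbox directory.

```shell
#!/bin/sh
# Added illustration; file names below are constructed, not rkhunter's own.

# Insecure pattern: fixed, guessable name in a shared directory.
# The redirection follows a symlink that already exists at that path.
write_unsafe() {
    dir=$1
    echo "scan results" > "$dir/scan.tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file exclusively with mode 0600, so a pre-existing link is never followed.
write_safe() {
    dir=$1
    tmp=$(mktemp "$dir/scan.XXXXXX") || return 1
    echo "scan results" > "$tmp"
    echo "$tmp"
}

# Run one pattern inside a private sandbox and print the contents of the
# file behind the pre-existing link, showing whether it was modified.
demo() {
    mode=$1
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared"
    echo "original" > "$sandbox/protected"
    ln -s "$sandbox/protected" "$sandbox/shared/scan.tmp"   # pre-existing link
    if [ "$mode" = unsafe ]; then
        write_unsafe "$sandbox/shared"
    else
        write_safe "$sandbox/shared" >/dev/null
    fi
    result=$(cat "$sandbox/protected")
    rm -rf "$sandbox"
    echo "$result"
}

echo "unsafe: protected file now contains: $(demo unsafe)"
echo "safe:   protected file now contains: $(demo safe)"
```

When a script runs as root, as a rootkit scanner typically does, the file behind the link can be any file on the system, which is why the fixed-name pattern leads to the loss of integrity described here.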

Solution Description

Upgrade to version 1.2.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.rootkit.nl/projects/rootkit_hunter.html
Secunia Advisory ID: 15132
Secunia Advisory ID: 15127
Related OSVDB ID: 15858
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml
ISS X-Force ID: 20279
CVE-2005-1270
Bugtraq ID: 13399