SecurityTeam US Contribute  :  Advanced Search  :  Web Resources  :  Polls  :  File Repository  
 
advanced search  
Poll
What would you like to see on SecurityTeamUS?
More News
Product Reviews
HowTo's
Custom RPM/Packages/Tools
Other (Please leave comment)
Results
96 votes | 0 comments
Topics
Home
Apache
Apple
Application Software
Cisco Systems
Database Servers
Internet Explorer
Linux
Macromedia
Microsoft
Mozilla/Firefox
Phishing/ID Theft
Real Networks
Security News
Sun Microsystems
Web Appliances/Devices
Web Scripts
Wi-Fi
Virus Alerts
Events
There are no upcoming events
 Welcome to SecurityTeam US
 Monday, February 06 2012 @ 11:39 AM EST

Rootkit Hunter Insecure Temporary File Creation

    
Wednesday, May 04 2005 @ 10:27 PM EDT

LinuxSune Kloppenborg Jeppesen and Tavis Ormandy has reported some vulnerabilities in Rootkit Hunter, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

The vulnerabilities are caused due to temporary files being created insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running the "check_update.sh" or "rkhunter" script.

SOFTWARE:
Rootkit Hunter 1.x

SOLUTION:
Edit the source code to ensure that temporary files are created securely.

PROVIDED AND/OR DISCOVERED BY:
Sune Kloppenborg Jeppesen and Tavis Ormandy, Gentoo Linux Security Team.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml

VERIFY ADVISORY:
http://secunia.com/advisories/15127/

Secunia Security Advisories

 
What's Related

Story Options

Rootkit Hunter Insecure Temporary File Creation | 0 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
 Copyright © 2012 SecurityTeam US
 All trademarks and copyrights on this page are owned by their respective owners.		   Get Firefox!
Dedicated Servers
Created this page in 0.15 seconds