Sune Kloppenborg Jeppesen and Tavis Ormandy has reported some vulnerabilities in Rootkit Hunter, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
The vulnerabilities are caused due to temporary files being created insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running the "check_update.sh" or "rkhunter" script.
SOFTWARE:
Rootkit Hunter 1.x
SOLUTION:
Edit the source code to ensure that temporary files are created
securely.
PROVIDED AND/OR DISCOVERED BY:
Sune Kloppenborg Jeppesen and Tavis Ormandy, Gentoo Linux Security
Team.
ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml
VERIFY ADVISORY:
http://secunia.com/advisories/15127/
Secunia Security Advisories
http://community.securityteam.us/article.php/2005050422270352