Bug#: 90007
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Attachment: rkhunter.diff (suggested fix, patch), created by Tavis Ormandy (RETIRED), 2005-04-25 09:54 0000, 3.04 KB



Description:   Opened: 2005-04-21 22:50 0000
The supplied check_update.sh script creates temporary files insecurely: 

/tmp/rkhunter.upd.gz
/tmp/rkhunter.upd

At least the first one is easy to exploit.

It is executed when rkhunter --update is called.

Auditors please verify my findings.
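
An added illustration of the risk reported above, not part of the original report and not the attached rkhunter.diff or rkhunter's own code: a fixed file name in a shared directory is written through whatever already exists at that path, while a `mktemp -d` directory is private and unpredictable. The function names, the sandbox directory standing in for /tmp, and the file contents are all constructed for this example.

```shell
#!/bin/sh
# Added example: predictable temp file name versus a private mktemp directory.
# All names below are hypothetical; the sandbox stands in for /tmp.

# Weak pattern: fixed name in a shared directory. The redirection follows
# whatever already exists at that path, including a symbolic link.
write_predictable() {   # $1 = shared directory, $2 = data
    printf '%s\n' "$2" > "$1/rkhunter.upd"
}

# Hardened pattern: mktemp -d atomically creates a new directory with an
# unpredictable name, owner-only permissions, and fails if it cannot.
write_private() {       # $1 = parent directory, $2 = data; prints file path
    d=$(mktemp -d "$1/rkhunter.XXXXXX") || return 1
    printf '%s\n' "$2" > "$d/rkhunter.upd" || return 1
    printf '%s\n' "$d/rkhunter.upd"
}

# Constructed scenario: a link already sits at the predictable name and
# points at an unrelated file ("victim") inside the sandbox.
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/rkhunter.upd"

    write_predictable "$sandbox" "update data"
    after_weak=$(cat "$sandbox/victim")      # overwritten through the link

    printf 'original\n' > "$sandbox/victim"  # reset for the second run
    out=$(write_private "$sandbox" "update data") || return 1
    after_safe=$(cat "$sandbox/victim")      # left untouched
    perms=$(ls -ld "$(dirname "$out")" | cut -c1-10)

    rm -rf "$sandbox"
    printf '%s|%s|%s\n' "$after_weak" "$after_safe" "$perms"
}

demo
```

In a real script the private directory would also be removed on exit, for example with a `trap` that deletes it.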

------- Comment #1 From Tavis Ormandy (RETIRED) 2005-04-22 02:28:38 0000 -------
Confirmed, there are more in rkhunter:

/tmp/procmail.txt
/tmp/proftpd.txt
/tmp/openssh.txt

These are UUoC as well, I suppose the author didn't know 2>&1 :)

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-04-22 05:58:43 0000 -------
Upstream notified.

------- Comment #3 From Sune Kloppenborg Jeppesen 2005-04-22 10:21:12 0000 -------
Upstream responded that he will look into it.

Upstream CC'ed.

------- Comment #4 From Tavis Ormandy (RETIRED) 2005-04-25 09:54:52 0000 -------
Created an attachment (id=57197)
suggested fix

------- Comment #5 From Aaron Walker (RETIRED) 2005-04-25 10:22:40 0000 -------
Looks good here.  1.2.3-r1 is in CVS pending new upstream release.  CC'd archs
please mark stable.

------- Comment #6 From Thierry Carrez (RETIRED) 2005-04-25 11:52:02 0000 -------
Opening the bug since the fix is in CVS now.

------- Comment #7 From Gustavo Zacarias (RETIRED) 2005-04-25 11:59:11 0000 -------
sparc stable.

------- Comment #8 From Jan Brinkmann (RETIRED) 2005-04-25 12:05:22 0000 -------
stable on amd64

------- Comment #9 From Michael Hanselmann (hansmi) (RETIRED) 2005-04-25 12:39:31 0000 -------
Stable on ppc.

------- Comment #10 From Aaron Walker (RETIRED) 2005-04-26 04:46:32 0000 -------
New upstream release is out, but still vulnerable (none of the suggested fixes
were applied).  A patched 1.2.4 is in CVS.

------- Comment #11 From Aaron Walker (RETIRED) 2005-04-26 04:48:50 0000 -------
Looks like alpha stabled but never commented on the bug.  This one's ready to
go.

------- Comment #12 From Sune Kloppenborg Jeppesen 2005-04-26 12:31:28 0000 -------
GLSA 200504-25
