The supplied check_update.sh script creates temporary files insecurely:
At least the first one is easy to exploit.
It is executed when rkhunter --update is called.
Auditors please verify my findings.
Confirmed, there are more in rkhunter:
these are UUoC as well, i suppose author didnt know 2>&1 :)
Upstream responded that he will look into it.
Created attachment 57197 [details, diff]
Looks good here. 1.2.3-r1 is in CVS pending new upstream release. CC'd archs please mark stable.
Opening the bug since the fix is incvs now
stable on amd64
Stable on ppc.
New upstream release is out, but still vulnerable (none of the suggested fixes were applied). A patched 1.2.4 is in CVS.
Looks like alpha stabled but never commented on the bug. This one's ready to go.