235798 – (CVE-2008-4982) app-forensics/rkhunter: audit wrt insecure temp file usage (CVE-2008-4982)

Bug 235798 (CVE-2008-4982) - app-forensics/rkhunter: audit wrt insecure temp file usage (CVE-2008-4982)

Summary: app-forensics/rkhunter: audit wrt insecure temp file usage (CVE-2008-4982)

Status:	RESOLVED INVALID

Alias:	CVE-2008-4982

Product:	Gentoo Security
Classification:	Unclassified
Component:	Auditing (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://bugs.debian.org/496375
Whiteboard:
Keywords:

Depends on:
Blocks:	194832 debian-tempfile
	Show dependency tree

Reported:	2008-08-26 17:04 UTC by Christian Hoffmann (RETIRED)
Modified:	2008-11-08 00:22 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Hoffmann (RETIRED) gentoo-dev

2008-08-26 17:04:56 UTC

See $URL and bug 235770.

Comment 1 Christian Hoffmann (RETIRED) gentoo-dev

2008-08-26 17:09:24 UTC

All in-tree versions (1.2.7-r1, 1.2.8, 1.2.9) only install scripts which either use mktemp properly or place temporary files in a pre-created directory which is owned by the super user.
The user may change this path using the --tmpdir option in some cases, but even in that case rkhunter warns about it if the user tries to use /tmp.

Debian ships a newer version of this package, so we should be careful when bumping.

So:
Currently not affected
Might be affected in the future if new versions of rkhunter find their way into the tree.

BTW: Several scripts in the tarball look like they are vulnerable to temporary file issues, but we don't install those.