Hi there,

On Fri, 19 Jun 2015, Skirpan Jr, Stephen J Jr CTR DISA PEO-C2C (US) wrote:

> Some of the older versions of RKHunter (1.3.2 for example) had a
> vulnerability against it involving a symlink attack (CVE-2008-4982).
> Has that been fixed in 1.4.2?

Looks that way to me.  At around line 77 of the rkhunter shell script
you'll see the use of 'mktemp' in creating the debug file under /tmp/.

See

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496375

for more detail.

-- 

73,
Ged.

------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
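
The reply above names 'mktemp' as the fix for the debug file created under /tmp. As an added example (not rkhunter's code and not part of the original message), the script below contrasts a fixed debug-file name with a mktemp-created one when the fixed name already exists as a symlink. The file name app-debug.log, the function names and the sandbox layout are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not rkhunter's code. Names and paths are constructed.

# Unsafe pattern: a fixed, guessable name in a shared directory.
# '>' opens with O_CREAT|O_TRUNC and follows an existing symlink.
open_debug_predictable() {
    dir=$1
    file="$dir/app-debug.log"          # hypothetical fixed name
    echo "debug start" > "$file"
    printf '%s\n' "$file"
}

# Safer pattern: mktemp chooses an unpredictable name and creates the file
# exclusively (O_EXCL, mode 0600), so a pre-existing path is never reused.
open_debug_mktemp() {
    dir=$1
    file=$(mktemp "$dir/app-debug.XXXXXXXXXX") || return 1
    echo "debug start" >> "$file"
    printf '%s\n' "$file"
}

# Returns 0 if the file a planted symlink points at is unchanged after the
# given opener has run. Everything happens inside a private sandbox directory.
victim_survives() {
    opener=$1
    sandbox=$(mktemp -d) || return 2
    printf 'important data\n' > "$sandbox/victim"
    # Constructed precondition: the guessable name already exists as a symlink.
    ln -s "$sandbox/victim" "$sandbox/app-debug.log"
    "$opener" "$sandbox" > /dev/null
    content=$(cat "$sandbox/victim")
    rm -rf "$sandbox"
    [ "$content" = "important data" ]
}

for fn in open_debug_predictable open_debug_mktemp; do
    if victim_survives "$fn"; then
        echo "$fn: target of the symlink untouched"
    else
        echo "$fn: target of the symlink was overwritten"
    fi
done
```

When auditing a script for this class of bug, look for redirections into /tmp whose file name is a literal or is derived only from the process ID.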
