On Fri, 2015-06-19 at 21:50 +0100, G.W. Haywood wrote:
> On Fri, 19 Jun 2015, Skirpan Jr, Stephen J Jr CTR DISA PEO-C2C (US) wrote:
> 
> > Some of the older versions of RKHunter (1.3.2 for example) had a
> > vulnerability against it involving a symlink attack (CVE-2008-4982).
> > Has that been fixed in 1.4.2?
> 
> Looks that way to me.  At around line 77 of the rkhunter shell script
> you'll see the use of 'mktemp' in creating the debug file under /tmp/.
> 
Correct. But in addition it tests to see if a link of the generated name
already exists. If it does then the program stops with an error.



John.

-- 
----------------------------------------------------
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK


------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
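
The temporary-file handling discussed in this thread, as an added example that is not part of the original messages and is not rkhunter's own code: a predictable debug-file name in a shared directory beside the `mktemp` plus link-check pattern. The function names and the `example-debug` prefix are hypothetical, and the scenario is constructed inside a private sandbox directory.

```shell
#!/bin/sh
# Added illustration, not rkhunter's code. Function names and the
# "example-debug" prefix are hypothetical.

# Weak pattern: predictable name in a shared directory. If that name already
# exists as a symlink, the redirection follows it and truncates the target.
open_debug_predictable() {
    file="$1/example-debug.$$"          # guessable: fixed prefix plus PID
    : > "$file" || return 1
    printf '%s\n' "$file"
}

# Pattern described in the thread: mktemp picks a random name and creates the
# file exclusively, then the script stops if that name is a link.
open_debug_safe() {
    file=$(mktemp "$1/example-debug.XXXXXXXXXX") || return 1
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "error: $file is not a plain file, stopping" >&2
        return 1
    fi
    printf '%s\n' "$file"
}

# Constructed scenario inside a private sandbox directory.
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'keep me\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/example-debug.$$"   # pre-existing link
    open_debug_predictable "$sandbox" >/dev/null
    [ -s "$sandbox/victim" ] || echo "predictable name: victim file was truncated"
    printf 'keep me\n' > "$sandbox/victim"
    safe=$(open_debug_safe "$sandbox") || { rm -rf "$sandbox"; return 1; }
    [ -s "$sandbox/victim" ] && echo "mktemp name: victim intact, debug file is $safe"
    rm -rf "$sandbox"
}

demo
```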
