Gentoo Archives: gentoo-announce

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation
Date: Tue, 26 Apr 2005 19:11:57
Message-Id: 200504262114.37414.jaervosz@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200504-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Rootkit Hunter: Insecure temporary file creation
      Date: April 26, 2005
      Bugs: #90007
        ID: 200504-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

Background
==========

Rootkit Hunter is a scanning tool to detect rootkits, backdoors and
local exploits on a local machine. Rootkit Hunter uses downloaded data
files to check file integrity. These files are updated via the
check_update.sh script.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  app-forensics/rkhunter     < 1.2.3-r1                 >= 1.2.3-r1

Description
===========

Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux
Security Team have reported that the check_update.sh script and the
main rkhunter script insecurely create several temporary files with
predictable filenames.

Impact
======

A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
rkhunter or the check_update.sh script runs, this would result in the
file being overwritten with the rights of the user running the utility,
which could be the root user.
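
The pattern described above, as an added shell example that is not part
of the advisory and not rkhunter's code: a fixed file name in a shared
directory next to a private mktemp -d directory, run inside a
constructed sandbox. The name update.tmp and all function names are
hypothetical.

```shell
#!/bin/sh
# Added illustration. update.tmp and the function names are hypothetical
# stand-ins, not rkhunter's real temporary file names.

# Unsafe: fixed name in a shared directory. ">" follows a symlink already
# present at that path and truncates the file it points to.
write_unsafe() {                      # $1 = shared temp directory
    echo "scratch data" > "$1/update.tmp"
}

# Hardened: mktemp -d atomically creates a mode-0700 directory with an
# unpredictable name; scratch files are created only inside it.
write_safe() {                        # $1 = shared temp directory
    workdir=$(umask 077; mktemp -d "$1/update.XXXXXXXXXX") || return 1
    echo "scratch data" > "$workdir/update.tmp"
    rm -rf "$workdir"                 # a real script would do this in a trap
}

# Run one writer against a constructed sandbox that already holds a
# symlink at the predictable path, then report the linked file's state.
check() {                             # $1 = writer function name
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    echo "important" > "$sandbox/target"
    ln -s "$sandbox/target" "$sandbox/tmp/update.tmp"
    "$1" "$sandbox/tmp"
    if [ "$(cat "$sandbox/target")" = "important" ]; then
        state=intact
    else
        state=overwritten
    fi
    rm -rf "$sandbox"
    echo "$state"
}

echo "fixed name in shared dir: $(check write_unsafe)"
echo "private mktemp -d dir:    $(check write_safe)"
```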

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Rootkit Hunter users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-forensics/rkhunter-1.2.3-r1"

References
==========

  [ 1 ] CAN-2005-1270
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1270

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0