Rootkit Hunter Local Insecure Temporary File Creation Vulnerability
BID:13399
Info
Rootkit Hunter Local Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 13399 |
| Class: | Design Error |
| CVE: |
CVE-2005-1270 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 26 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Sune Kloppenborg Jeppesen and Tavis Ormandy are credited with the discovery of this issue. |
| Vulnerable: |
Rootkit.nl Rootkit Hunter 1.2.3 Rootkit.nl Rootkit Hunter 1.2.2 Rootkit.nl Rootkit Hunter 1.2.1 Rootkit.nl Rootkit Hunter 1.2 |
| Not Vulnerable: | |
Discussion
Rootkit Hunter Local Insecure Temporary File Creation Vulnerability
A local insecure file creation vulnerability affects Rootkit Hunter. This issue is due to a design error that causes a file to be insecurely opened or created and subsequently written to.
An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the affected application.
A local insecure file creation vulnerability affects Rootkit Hunter. This issue is due to a design error that causes a file to be insecurely opened or created and subsequently written to.
An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the affected application.
Exploit / POC
Rootkit Hunter Local Insecure Temporary File Creation Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Rootkit Hunter Local Insecure Temporary File Creation Vulnerability
Solution:
Gentoo Linux has released an advisory (GLSA 200504-25) dealing with this issue. Gentoo advises that all users upgrade their packages by executing the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=app-forensics/rkhunter-1.2.3-r1"
For more information, please see the referenced Gentoo Linux advisory.
Solution:
Gentoo Linux has released an advisory (GLSA 200504-25) dealing with this issue. Gentoo advises that all users upgrade their packages by executing the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=app-forensics/rkhunter-1.2.3-r1"
For more information, please see the referenced Gentoo Linux advisory.
References
Rootkit Hunter Local Insecure Temporary File Creation Vulnerability
References:
References:
- Rootkit Hunter Home Page (Rootkit.nl)