Your message dated Wed, 28 Sep 2005 18:02:16 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#330627: fixed in rkhunter 1.2.7-14
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 29 Sep 2005 00:00:49 +0000
From [EMAIL PROTECTED] Wed Sep 28 17:00:49 2005
Return-path: <[EMAIL PROTECTED]>
Received: from cm181-223.liwest.at (mail.nadev.net) [81.10.181.223] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EKlqz-00048e-00; Wed, 28 Sep 2005 17:00:49 -0700
Received: from defiant.nadev.net (defiant.nadev.net [::ffff:192.168.0.13])
  by mail.nadev.net with esmtp; Thu, 29 Sep 2005 02:00:13 +0200
  id 0001F729.433B2E90.00006260
Received: by defiant.nadev.net (sSMTP sendmail emulation); Thu, 29 Sep 2005 02:00:12 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Thomas Prokosch <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: rkhunter daily cron script is open to symlink attacks
X-Mailer: reportbug 3.17
Date: Thu, 29 Sep 2005 02:00:12 +0200
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
        FROM_HAS_MIXED_NUMS,HAS_PACKAGE,X_DEBBUGS_CC autolearn=ham 
        version=2.60-bugs.debian.org_2005_01_02

Package: rkhunter
Severity: grave
Tags: security
Justification: user security hole

The rkhunter daily cron script version 1.2.7-13 uses the
following command to create a file in the /tmp directory:

  $RKHUNTER --cronjob --report-warnings-only > /tmp/$$
  
If I am not mistaken this command poses a security risk for
the system because it allows a symlink attack.

Using the following commands instead would solve the problem:

  OUTFILE=`mktemp` || exit 1
  $RKHUNTER --cronjob --report-warnings-only > "$OUTFILE"

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
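The fix the report proposes, written out as an added example (this is not code from the bug report or from the rkhunter package): the report file is created with mktemp rather than at the predictable path /tmp/$$, and the example goes one step further by checking that the path is not a symlink before writing and removing the file on exit. The function scanner_stub is a constructed stand-in for "$RKHUNTER --cronjob --report-warnings-only" so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the bug report or from the rkhunter package:
# the pattern the report recommends (mktemp instead of /tmp/$$), wrapped in
# small functions so each step can be checked. "scanner_stub" is a constructed
# stand-in for "$RKHUNTER --cronjob --report-warnings-only".

scanner_stub() {
    # Constructed output; a real run would print the scanner's warnings.
    printf 'Warning: constructed sample warning 1\n'
    printf 'Warning: constructed sample warning 2\n'
}

# Create the report file with mktemp: an unpredictable name, created with
# O_EXCL, so a pre-planted file or symlink at that path makes mktemp fail
# instead of being followed. The template honours TMPDIR if it is set.
make_report_file() {
    mktemp "${TMPDIR:-/tmp}/rkhunter-report.XXXXXX"
}

# Defensive check before writing: the path must be a regular file and must
# not be a symbolic link. "-f" alone follows symlinks, hence the explicit -L test.
is_safe_regular_file() {
    [ ! -L "$1" ] && [ -f "$1" ]
}

# Run the scanner into a freshly created file, print how many warning lines
# were captured, and always remove the file afterwards (also on interruption).
run_report() {
    outfile=$(make_report_file) || return 1
    trap 'rm -f "$outfile"' EXIT INT TERM
    if ! is_safe_regular_file "$outfile"; then
        rm -f "$outfile"
        return 1
    fi
    scanner_stub > "$outfile"
    grep -c '^Warning:' "$outfile"
    rm -f "$outfile"
    trap - EXIT INT TERM
}

# Stand-alone run: prints the number of captured warning lines.
run_report
```

In a real cron job the captured file would then be mailed or compared against the previous run; the point of the example is only that the file name is never guessable in advance and that a symlink at the destination is refused rather than followed.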

---------------------------------------
Received: (at 330627-close) by bugs.debian.org; 29 Sep 2005 01:08:26 +0000
From [EMAIL PROTECTED] Wed Sep 28 18:08:26 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1EKmoS-0003jq-00; Wed, 28 Sep 2005 18:02:16 -0700
From: Micah Anderson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#330627: fixed in rkhunter 1.2.7-14
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 28 Sep 2005 18:02:16 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: rkhunter
Source-Version: 1.2.7-14

We believe that the bug you reported is fixed in the latest version of
rkhunter, which is due to be installed in the Debian FTP archive:

rkhunter_1.2.7-14.diff.gz
  to pool/main/r/rkhunter/rkhunter_1.2.7-14.diff.gz
rkhunter_1.2.7-14.dsc
  to pool/main/r/rkhunter/rkhunter_1.2.7-14.dsc
rkhunter_1.2.7-14_i386.deb
  to pool/main/r/rkhunter/rkhunter_1.2.7-14_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Micah Anderson <[EMAIL PROTECTED]> (supplier of updated rkhunter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 28 Sep 2005 20:33:12 -0400
Source: rkhunter
Binary: rkhunter
Architecture: source i386
Version: 1.2.7-14
Distribution: unstable
Urgency: low
Maintainer: Micah Anderson <[EMAIL PROTECTED]>
Changed-By: Micah Anderson <[EMAIL PROTECTED]>
Description: 
 rkhunter   - rootkit, backdoor, sniffer and exploit scanner
Closes: 330627
Changes: 
 rkhunter (1.2.7-14) unstable; urgency=low
 .
   * Fixed insecure file creation in cronjob, thanks to Thomas Prokosch
     (Closes: #330627)
Files: 
 60f03d45e44183dd35c03be38e61213b 635 admin optional rkhunter_1.2.7-14.dsc
 35a6a17c0740846bffca541f6d841a94 15964 admin optional rkhunter_1.2.7-14.diff.gz
 7c2d4909db9a9f91e6fb5d068336e83c 109086 admin optional rkhunter_1.2.7-14_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDOzrP9n4qXRzy1ioRAvAaAKCgTXkpS3H69g5x/A/jvDpfmmMpNACffivX
CcTlI45dvX/+dX0QZHCI2eU=
=tBNr
-----END PGP SIGNATURE-----

