Your message dated Tue, 19 Sep 2023 14:07:04 -0700
with message-id <[email protected]>
and subject line Re: Bug#1051896: rkhunter: CVE-2023-4413
has caused the Debian Bug report #1051896,
regarding rkhunter: CVE-2023-4413
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1051896: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051896
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rkhunter
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for rkhunter.

CVE-2023-4413[0]:
| A vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It
| has been classified as problematic. Affected is an unknown function
| of the file /var/log/rkhunter.log. The manipulation leads to
| sensitive information in log files. An attack has to be approached
| locally. The complexity of an attack is rather high. The
| exploitability is told to be difficult. The exploit has been
| disclosed to the public and may be used. The identifier of this
| vulnerability is VDB-237516.

https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4413
    https://www.cve.org/CVERecord?id=CVE-2023-4413

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Closing as wontfix since the security team agrees this CVE is not relevant
given the rkhunter threat model:

  https://security-tracker.debian.org/tracker/CVE-2023-4413

Francois

-- 
https://fmarier.org/

--- End Message ---
