Hello all, first mail sent to this list :)

Yesterday I received a call from the security staff at my workplace
regarding an email the network administrators had received, delivered from
my home IP and sent to root@localhost, containing a report from an rkhunter
scan.

After thinking about this issue, which left me totally lost, I guess this
is what happened:

1. Upon finishing execution, rkhunter automatically sent an email to
root@localhost with a report of the scan;
2. Because I was connected to my work's VPN, the email somehow ended up
delivered to the VPN mail root account.

Now, after looking into the script which is set to be executed daily, it's
perfectly clear that indeed this was what happened. What I still can't make
out is how the email got delivered as I don't have any MTA installed (!),
could it be what they did receive was a delivery error email (containing
the scan report)?

Sorry to tell you this but I have to raise an eyebrow here: to me this is
an awesome security flaw guys, let alone how unprofessional this made me
look with the staff having to first find out what the hell happened and
then explaining the whole issue to them...

Before hitting the bugtracker of my distro to raise awareness of this issue
I would like to know your opinion guys, especially because I'm not sure if
the script responsible for this issue is part of upstream's package or is
provided ad-hoc by our packager(s).

OS: Fedora 21
Rootkit Hunter version: 1.4.2

Best regards,
-Martín