Rootkit Hunter Insecure Temporary File Creation Vulnerability
FrSIRT Advisory : FrSIRT/ADV-2005-0398
Rate: Low
"A local vulnerability was identified in Rootkit Hunter, which may be exploited by malicious users to conduct symlink attacks and potentially overwrite arbitrary files. The problem is that the 'check_update.sh' script creates several temporary files with predictable filenames, which may be exploited by a local attacker to overwrite arbitrary files with the privileges of the user running a vulnerable application."
Affected Versions:
Rootkit Hunter versions prior to 1.2.3-r1
0 Comments:
Post a Comment
<< Home