FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f14ad681-5b88-11dc-812d-0011098b2f36	rkhunter -- insecure temporary file creation Gentoo reports: Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux Security Team have reported that the check_update.sh script and the main rkhunter script insecurely creates several temporary files with predictable filenames. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When rkhunter or the check_update.sh script runs, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Discovery 2005-04-26 Entry 2007-09-05 rkhunter < 1.2.5 13399 CVE-2005-1270 http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml

VuXML ID

Description

f14ad681-5b88-11dc-812d-0011098b2f36

rkhunter -- insecure temporary file creation

Gentoo reports:

Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux Security Team have reported that the check_update.sh script and the main rkhunter script insecurely creates several temporary files with predictable filenames.

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When rkhunter or the check_update.sh script runs, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.

Discovery 2005-04-26
Entry 2007-09-05
rkhunter

< 1.2.5

13399
CVE-2005-1270
http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml