FreeBSD : rkhunter -- insecure temporary file creation (f14ad681-5b88-11dc-812d-0011098b2f36)
Low Nessus Plugin ID 25982
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionGentoo reports :
Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux Security Team have reported that the check_update.sh script and the main rkhunter script insecurely creates several temporary files with predictable filenames.
A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When rkhunter or the check_update.sh script runs, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
SolutionUpdate the affected package.