2 results (0.023 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. rkhunter versiones anteriores a 1.4.4, es vulnerable a descargar archivos en canales no seguros cuando se realiza una actualización espejo, resultando en una potencial ejecución de código remota. • http://seclists.org/oss-sec/2017/q2/643 https://security.gentoo.org/glsa/201805-11 • CWE-300: Channel Accessible by Non-Endpoint CWE-417: Communication Channel Errors •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. • http://secunia.com/advisories/15127 http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml http://www.osvdb.org/15861 http://www.securityfocus.com/bid/13399 https://exchange.xforce.ibmcloud.com/vulnerabilities/20279 •