CVE-2023-4413

Name of the Vulnerable Software and Affected Versions rkhunter versions 1.4.4 through 1.4.6

Description A vulnerability was found in the rkhunter Rootkit Hunter. The issue affects an unknown function of the file /var/log/rkhunter.log, leading to sensitive information in log files. An attack must be approached locally and has a rather high complexity, with difficult exploitability. The exploit has been disclosed to the public.

Recommendations For versions 1.4.4 through 1.4.6, consider restricting access to the /var/log/rkhunter.log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.