False positive for SucKit
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cyborg |
Fix Released
|
Medium
|
mit | ||
Ubuntu Server papercuts |
Invalid
|
Undecided
|
Unassigned | ||
chkrootkit (Debian) |
Fix Released
|
Unknown
|
Bug Description
Binary package hint: chkrootkit
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
According to http://
# ls -li /sbin/init /sbin/telinit
172240 -rwxr-xr-x 1 root root 199472 2009-10-15 21:19 /sbin/init
172791 -rwxr-xr-x 1 root root 96568 2009-10-15 21:19 /sbin/telinit
http://
This false positive seems to be popping up since a few years. So I guess the check for SucKit needs improvement...
ProblemType: Bug
Architecture: amd64
Date: Sun Oct 18 12:42:45 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelMo
Package: chkrootkit 0.48-10
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: chkrootkit
Uname: Linux 2.6.31-13-generic x86_64
Related branches
Changed in chkrootkit (Ubuntu): | |
importance: | Wishlist → Medium |
status: | Incomplete → Confirmed |
Changed in chkrootkit (Debian): | |
status: | Unknown → Fix Released |
information type: | Public → Public Security |
information type: | Public Security → Public |
information type: | Public → Public Security |
information type: | Public Security → Public |
affects: | chkrootkit (Ubuntu) → cyborg |
Changed in cyborg: | |
assignee: | nobody → mit (mit2596) |
tags: | added: i386 trusty |
Thanks for the bug report. I was wondering if you have any suggestion to improve it.
Thanks
chuck