rkhunter incorrectly detects Xzibit Rootkit in Lucid

Bug #556455 reported by Marc Deslauriers
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
rkhunter (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: rkhunter

When run in Lucid, rkhunter incorrectly detects the Xzibit rootkit:

[08:04:20] Warning: Checking for possible rootkit strings [ Warning ]
[08:04:20] Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible rootkit: Xzibit Rootkit

This is a known issue that is corrected by this patch:

http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.310&r2=1.311

Bug:

http://sourceforge.net/tracker/?func=detail&aid=2951178&group_id=155034&atid=794187

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: rkhunter 1.3.6-3
ProcVersionSignature: Ubuntu 2.6.32-19.28-generic 2.6.32.10+drm33.1
Uname: Linux 2.6.32-19-generic x86_64
Architecture: amd64
Date: Tue Apr 6 08:30:28 2010
EcryptfsInUse: Yes
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_CA.utf8
 SHELL=/bin/bash
SourcePackage: rkhunter

Marc Deslauriers (mdeslaur) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package rkhunter - 1.3.6-3ubuntu1

---------------
rkhunter (1.3.6-3ubuntu1) lucid; urgency=low

  * debian/patches/20_fix_strings_check.diff: fix hdparm false alert which
    leads to the Xzibit rootkit incorrectly being detected. The patch
    now ignores comment lines when performing string checks. (LP: #556455)
 -- Marc Deslauriers <email address hidden> Tue, 06 Apr 2010 08:45:13 -0400

Changed in rkhunter (Ubuntu):
status: New → Fix Released
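
The false positive reported above, and the changelog's fix of ignoring comment lines during string checks, can be reproduced in miniature. The shell sketch below is an added example, not rkhunter's code or the Debian patch; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not rkhunter's code: function names and sample
# file contents below are constructed for this example.

# Naive string check: a hit anywhere in the file, comments included.
naive_check() {    # $1 = suspect string, $2 = file
    grep -q -F -- "$1" "$2"
}

# Comment-aware check: skip lines whose first non-blank character is '#'.
# Trailing comments ("cmd  # note") are left in place on purpose: telling a
# comment '#' from one inside quotes or ${var#x} needs a real shell parser.
comment_aware_check() {    # $1 = suspect string, $2 = file
    grep -v '^[[:space:]]*#' "$2" | grep -q -F -- "$1"
}

# Print one verdict line per file so the two checks can be compared.
report() {    # $1 = suspect string, $2 = file
    if naive_check "$1" "$2"; then n=WARN; else n=ok; fi
    if comment_aware_check "$1" "$2"; then c=WARN; else c=ok; fi
    echo "$2: naive=$n comment_aware=$c"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: the string occurs only in a comment.
cat > "$tmp/comment_only" <<'EOF'
#!/bin/sh
# Stop logging early so hdparm can spin the disk down.
start-stop-daemon --stop --quiet --exec /sbin/bootlogd
EOF

# Constructed sample 2: the string occurs in a command that would run.
cat > "$tmp/executed" <<'EOF'
#!/bin/sh
# Tune the disk.
hdparm -q -S 12 /dev/sda
EOF

report hdparm "$tmp/comment_only"   # naive=WARN comment_aware=ok
report hdparm "$tmp/executed"       # naive=WARN comment_aware=WARN
```

The comment-aware check removes the noise from text that the shell never executes while still flagging the script that actually invokes the command.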