rkhunter incorrectly detects Xzibit Rootkit in Lucid
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rkhunter (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: rkhunter
When run in Lucid, rkhunter incorrectly detects the Xzibit rootkit:
[08:04:20] Warning: Checking for possible rootkit strings [ Warning ]
[08:04:20] Found string 'hdparm' in file '/etc/init.
This is a known issue that is corrected by this patch:
http://
Bug:
http://
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: rkhunter 1.3.6-3
ProcVersionSign
Uname: Linux 2.6.32-19-generic x86_64
Architecture: amd64
Date: Tue Apr 6 08:30:28 2010
EcryptfsInUse: Yes
PackageArchitec
ProcEnviron:
PATH=(custom, user)
LANG=en_CA.utf8
SHELL=/bin/bash
SourcePackage: rkhunter
This bug was fixed in the package rkhunter - 1.3.6-3ubuntu1
---------------
rkhunter (1.3.6-3ubuntu1) lucid; urgency=low
* debian/ patches/ 20_fix_ strings_ check.diff: fix hdparm false alert which
leads to the Xzibit rootkit incorrectly being detected. The patch
now ignores comment lines when performing string checks. (LP: #556455)
-- Marc Deslauriers <email address hidden> Tue, 06 Apr 2010 08:45:13 -0400