Bug 1214426 (CVE-2023-4413)

Summary: VUL-0: CVE-2023-4413: rkhunter: info leak via log files
Product: [Novell Products] SUSE Security Incidents Reporter: Robert Frohl <rfrohl>
Component: IncidentsAssignee: Marcus Meissner <meissner>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/375792/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Robert Frohl 2023-08-21 07:44:35 UTC 
CVE-2023-4413

A vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It has been
classified as problematic. Affected is an unknown function of the file
/var/log/rkhunter.log. The manipulation leads to sensitive information in log
files. An attack has to be approached locally. The complexity of an attack is
rather high. The exploitability is told to be difficult. The exploit has been
disclosed to the public and may be used. The identifier of this vulnerability is
VDB-237516.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4413
https://bugzilla.redhat.com/show_bug.cgi?id=2232821
https://www.cve.org/CVERecord?id=CVE-2023-4413
https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7
https://vuldb.com/?ctiid.237516
https://vuldb.com/?id.237516
https://youtu.be/etHt1TNAgs8
Comment 1 Robert Frohl 2023-08-21 07:46:29 UTC 
affects Factory and Backports