Candidate: CVE-2017-7480
PublicDate: 2017-07-21 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7480
 http://www.openwall.com/lists/oss-security/2017/06/29/2
Description:
 rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.
Ubuntu-Description:
 It was discovered that rkhunter is vulnerable to file download over insecure channel. An attacker could use it for remote code execution.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_rkhunter:
upstream_rkhunter: released (1.4.4-1)
precise/esm_rkhunter: DNE
trusty_rkhunter: ignored (reached end-of-life)
trusty/esm_rkhunter: DNE (trusty was needed)
vivid/ubuntu-core_rkhunter: DNE
xenial_rkhunter: ignored (end of standard support, was needed)
yakkety_rkhunter: ignored (reached end-of-life)
zesty_rkhunter: ignored (reached end-of-life)
artful_rkhunter: ignored (reached end-of-life)
bionic_rkhunter: not-affected (1.4.6-2)
cosmic_rkhunter: not-affected (1.4.6-2)
disco_rkhunter: not-affected (1.4.6-2)
eoan_rkhunter: not-affected (1.4.6-2)
focal_rkhunter: not-affected (1.4.6-2)
groovy_rkhunter: not-affected (1.4.6-2)
hirsute_rkhunter: not-affected (1.4.6-2)
impish_rkhunter: not-affected (1.4.6-2)
jammy_rkhunter: not-affected (1.4.6-2)
devel_rkhunter: not-affected (1.4.6-2)