CVE-2017-7480

EPSS 2.3%CWE-300

rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.

Affected products

Red Hat, Inc. · rkhunter

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/oss-sec/2017/q2/643 https://security.gentoo.org/glsa/201805-11