Bug 14982

Summary: Is cauldron infected by the SucKIT rootkit?
Product: Mageia Reporter: Bjarne Thomsen <bjarne.thomsen>
Component: RPM Packages Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: bittwister2, ftg
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: chkrootkit-0.50-5.mga5.src.rpm CVE:
Status comment:

Description Bjarne Thomsen 2015-01-07 22:53:21 CET
Description of problem:
I ran a freshly installed chkrootkit on 2 machines running mga5 (latest cauldron).
In both cases chkrootkit warns me that /sbin/init is infected by
the Suckit rootkit:
http://la-samhna.de/library/rootkits/list.html

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.


Bit Twister 2015-01-08 00:35:27 CET

CC: (none) => junknospam

Comment 1 Frank Griffin 2015-01-08 00:39:18 CET
I confirm, but I don't know whether it's a false positive or not.

CC: (none) => ftg

Comment 2 David Walser 2015-01-08 02:05:59 CET
It is a false positive, caused by it finding a particular string that's in the systemd binary.

It was supposed to have been fixed upstream in 0.50, but I guess the fix didn't work.  I've added back our old patch to remove the false positive.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Source RPM: Unknown (to me) => chkrootkit-0.50-5.mga5.src.rpm