CVE-2014-0476
low
CVSS v3
—
CVSS v2
3.7
VIR risk
3.7
Description
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-0476
Vendor advisory: security@debian.org — http://www.chkrootkit.org/
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0.49-5 |
| debian | bullseye | fixed | 0.49-5 |
| debian | forky | fixed | 0.49-5 |
| debian | sid | fixed | 0.49-5 |
| debian | trixie | fixed | 0.49-5 |
| ubuntu | 10.04 | affected | |
| ubuntu | 12.04 | affected | |
| ubuntu | 13.10 | affected | |
| ubuntu | 14.04 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chkrootkit | chkrootkit | {"endIncluding":"0.49"} | |
References
- http://osvdb.org/show/osvdb/107710
- http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html
- http://www.chkrootkit.org/
- http://www.debian.org/security/2014/dsa-2945
- http://www.openwall.com/lists/oss-security/2014/06/04/9
- http://www.ubuntu.com/usn/USN-2230-1
- https://security.gentoo.org/glsa/201709-05
- https://www.exploit-db.com/exploits/38775/
- https://security-tracker.debian.org/tracker/CVE-2014-0476
CWEs
CWE-20
Verify integrity in audit chain (admin only). AS-IS.