[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0476Date: (C)2014-10-21   (M)2023-12-22


The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.7
Exploit Score: 1.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
OSVDB-107710
EXPLOIT-DB-38775
DSA-2945
GLSA-201709-05
USN-2230-1
http://www.openwall.com/lists/oss-security/2014/06/04/9
http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html
http://www.chkrootkit.org/

CPE    3
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/a:chkrootkit:chkrootkit
cpe:/o:canonical:ubuntu_linux:13.10
CWE    1
CWE-20
OVAL    5
oval:org.secpod.oval:def:52237
oval:org.secpod.oval:def:107066
oval:org.secpod.oval:def:107055
oval:org.secpod.oval:def:1600126
...

© SecPod Technologies