CVE-2014-0476

EPSS 11.4%

chkrootkit - security update

Published: 10/25/2014Modified: 4/28/2026

Description

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

Affected packages (3)

Debian/chkrootkitfrom 0, < 0.49-5
Debian/chkrootkitfrom 0, < 0.49-4+deb6u1
Debian/chkrootkitfrom 0, < 0.49-4.1+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0476