CVE-2014-0476

EPSS 11.4%

chkrootkit - security update

發布日:2014/10/25修改日:2026/4/28

描述

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

受影響套件(3)

Debian/chkrootkitfrom 0, < 0.49-5
Debian/chkrootkitfrom 0, < 0.49-4+deb6u1
Debian/chkrootkitfrom 0, < 0.49-4.1+deb7u2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0476