CVE-2014-0476

2014-10-2522:55:04

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.001

Percentile

38.8%

JSON

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

Affected configurations

Nvd

Node

chkrootkitchkrootkitRange≤0.49

canonicalubuntu_linuxMatch10.04lts

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch13.10

canonicalubuntu_linuxMatch14.04lts

VendorProductVersionCPE
chkrootkitchkrootkit*cpe:2.3:a:chkrootkit:chkrootkit:*:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:lts:*:*:*:*:*
canonicalubuntu_linux13.10cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Vendor	Product	Version	CPE
chkrootkit	chkrootkit	*	cpe:2.3:a:chkrootkit:chkrootkit::::::::
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::lts:::::
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::lts:::::
canonical	ubuntu_linux	13.10	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::