CVE-2014-0476 - OpenCVE

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Chkrootkit	Chkrootkit

Configuration 1 [-]

OR	cpe:2.3:a:chkrootkit:chkrootkit::::::::
	cpe:2.3:o:canonical:ubuntu_linux:10.04::lts:::::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::lts:::::
	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

No data.

References

Link	Providers
http://osvdb.org/show/osvdb/107710
http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html
http://www.chkrootkit.org/
http://www.debian.org/security/2014/dsa-2945
http://www.openwall.com/lists/oss-security/2014/06/04/9
http://www.ubuntu.com/usn/USN-2230-1
https://security.gentoo.org/glsa/201709-05
https://www.exploit-db.com/exploits/38775/

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2014-10-25T22:00:00

Updated: 2024-08-06T09:20:17.970Z

Reserved: 2013-12-19T00:00:00

Link: CVE-2014-0476

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-10-25T22:55:04.070

Modified: 2017-09-19T01:36:55.843

Link: CVE-2014-0476

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.chkrootkit.org/"}, {"name": "[oss-security] 20140604 CVE-2014-0476 chkrootkit vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/04/9"}, {"name": "GLSA-201709-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-05"}, {"name": "USN-2230-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2230-1"}, {"name": "107710", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/show/osvdb/107710"}, {"name": "DSA-2945", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2945"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html"}, {"name": "38775", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/38775/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2014-0476", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.chkrootkit.org/", "refsource": "CONFIRM", "url": "http://www.chkrootkit.org/"}, {"name": "[oss-security] 20140604 CVE-2014-0476 chkrootkit vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/04/9"}, {"name": "GLSA-201709-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-05"}, {"name": "USN-2230-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2230-1"}, {"name": "107710", "refsource": "OSVDB", "url": "http://osvdb.org/show/osvdb/107710"}, {"name": "DSA-2945", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2945"}, {"name": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html"}, {"name": "38775", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38775/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:20:17.970Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.chkrootkit.org/"}, {"name": "[oss-security] 20140604 CVE-2014-0476 chkrootkit vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/06/04/9"}, {"name": "GLSA-201709-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201709-05"}, {"name": "USN-2230-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2230-1"}, {"name": "107710", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/show/osvdb/107710"}, {"name": "DSA-2945", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2945"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html"}, {"name": "38775", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/38775/"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0476", "datePublished": "2014-10-25T22:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T09:20:17.970Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chkrootkit:chkrootkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E5730CC-C23E-49BA-B51D-FC0E6E12CD7F", "versionEndIncluding": "0.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*", "matchCriteriaId": "823E02CA-A145-46C2-BC4C-16DECB060B19", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:lts:*:*:*:*:*", "matchCriteriaId": "E685F933-7C10-49B6-9F4B-89478AF51761", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option."}, {"lang": "es", "value": "La funci\u00f3n slapper en chkrootkit anterior a 0.50 no cita debidamente las rutas de los ficheros de citas, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de un troyano ejecutable. NOTA: esto solamente es una vulnerabilidad cuando /tmp no est\u00e1 montado con la opci\u00f3n noexec."}], "id": "CVE-2014-0476", "lastModified": "2017-09-19T01:36:55.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-25T22:55:04.070", "references": [{"source": "security@debian.org", "url": "http://osvdb.org/show/osvdb/107710"}, {"source": "security@debian.org", "url": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://www.chkrootkit.org/"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2014/dsa-2945"}, {"source": "security@debian.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2014/06/04/9"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-2230-1"}, {"source": "security@debian.org", "url": "https://security.gentoo.org/glsa/201709-05"}, {"source": "security@debian.org", "url": "https://www.exploit-db.com/exploits/38775/"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}