CVE-2014-0476 - OpenCVE

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Chkrootkit	Chkrootkit

Configuration 1 [-]

OR	cpe:2.3:a:chkrootkit:chkrootkit::::::::
	cpe:2.3:o:canonical:ubuntu_linux:10.04::lts:::::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::lts:::::
	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

References

Link	Resource
http://osvdb.org/show/osvdb/107710
http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html
http://www.chkrootkit.org/	Vendor Advisory
http://www.debian.org/security/2014/dsa-2945
http://www.openwall.com/lists/oss-security/2014/06/04/9	Exploit
http://www.ubuntu.com/usn/USN-2230-1
https://security.gentoo.org/glsa/201709-05
https://www.exploit-db.com/exploits/38775/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2014-10-25T22:00:00

Updated: 2017-09-18T09:57:01

Reserved: 2013-12-19T00:00:00

Link: CVE-2014-0476

JSON object: View

NVD Information

Status : Modified

Published: 2014-10-25T22:55:04.070

Modified: 2017-09-19T01:36:55.843

Link: CVE-2014-0476

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.chkrootkit.org/"}, {"name": "[oss-security] 20140604 CVE-2014-0476 chkrootkit vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/04/9"}, {"name": "GLSA-201709-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-05"}, {"name": "USN-2230-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2230-1"}, {"name": "107710", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/show/osvdb/107710"}, {"name": "DSA-2945", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2945"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html"}, {"name": "38775", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/38775/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2014-0476", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.chkrootkit.org/", "refsource": "CONFIRM", "url": "http://www.chkrootkit.org/"}, {"name": "[oss-security] 20140604 CVE-2014-0476 chkrootkit vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/04/9"}, {"name": "GLSA-201709-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-05"}, {"name": "USN-2230-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2230-1"}, {"name": "107710", "refsource": "OSVDB", "url": "http://osvdb.org/show/osvdb/107710"}, {"name": "DSA-2945", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2945"}, {"name": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html"}, {"name": "38775", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38775/"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0476", "datePublished": "2014-10-25T22:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2017-09-18T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chkrootkit:chkrootkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E5730CC-C23E-49BA-B51D-FC0E6E12CD7F", "versionEndIncluding": "0.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*", "matchCriteriaId": "823E02CA-A145-46C2-BC4C-16DECB060B19", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:lts:*:*:*:*:*", "matchCriteriaId": "E685F933-7C10-49B6-9F4B-89478AF51761", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option."}, {"lang": "es", "value": "La funci\u00f3n slapper en chkrootkit anterior a 0.50 no cita debidamente las rutas de los ficheros de citas, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de un troyano ejecutable. NOTA: esto solamente es una vulnerabilidad cuando /tmp no est\u00e1 montado con la opci\u00f3n noexec."}], "id": "CVE-2014-0476", "lastModified": "2017-09-19T01:36:55.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-25T22:55:04.070", "references": [{"source": "security@debian.org", "url": "http://osvdb.org/show/osvdb/107710"}, {"source": "security@debian.org", "url": "http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://www.chkrootkit.org/"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2014/dsa-2945"}, {"source": "security@debian.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2014/06/04/9"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-2230-1"}, {"source": "security@debian.org", "url": "https://security.gentoo.org/glsa/201709-05"}, {"source": "security@debian.org", "url": "https://www.exploit-db.com/exploits/38775/"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}