3.7

CVE-2014-0476

Exploit
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable.  NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ChkrootkitChkrootkit Version <= 0.49
CanonicalUbuntu Linux Version10.04 Editionlts
CanonicalUbuntu Linux Version12.04 Editionlts
CanonicalUbuntu Linux Version13.10
CanonicalUbuntu Linux Version14.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.83% 0.887
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 1.9 6.4
AV:L/AC:H/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/show/osvdb/107710
http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html
http://www.chkrootkit.org/
Vendor Advisory
http://www.debian.org/security/2014/dsa-2945
http://www.openwall.com/lists/oss-security/2014/06/04/9
Exploit
http://www.ubuntu.com/usn/USN-2230-1
https://security.gentoo.org/glsa/201709-05
https://www.exploit-db.com/exploits/38775/