CVE-2014-0476
Published: 4 June 2014
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
Priority
Status
Package | Release | Status |
---|---|---|
chkrootkit Launchpad, Ubuntu, Debian |
lucid |
Released
(0.49-3ubuntu0.1)
|
precise |
Released
(0.49-4ubuntu1.1)
|
|
saucy |
Released
(0.49-4.1ubuntu1.13.10.1)
|
|
trusty |
Released
(0.49-4.1ubuntu1.14.04.1)
|
|
upstream |
Needs triage
|