CVE-2014-0476
- Source
- https://cve.org/CVERecord?id=CVE-2014-0476
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-0476.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2014-0476
- Downstream
- Related
- Withdrawn
- 2026-01-27T04:12:29.276313Z
- Published
- 2014-10-25T22:55:04Z
- Modified
- 2026-01-27T04:12:29.276313Z
- Summary
- [none]
- Details
-
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
- References
-
- http://www.chkrootkit.org/
- http://www.debian.org/security/2014/dsa-2945
- http://www.ubuntu.com/usn/USN-2230-1
- https://security.gentoo.org/glsa/201709-05
- http://www.openwall.com/lists/oss-security/2014/06/04/9
- http://osvdb.org/show/osvdb/107710
- http://packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.html
- https://www.exploit-db.com/exploits/38775/