cbcvebase.
CVE-2014-0476
published 2014-10-25

Priority: P4 · 26 · low
CVSS 2.0: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 3.83% (88.8th percentile)
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| chkrootkit | chkrootkit | <= 0.49 | |
| chkrootkit | chkrootkit | >= 0 < 0.49-5 | 0.49-5 |
| chkrootkit | chkrootkit | >= 0 < 0.49-5 | 0.49-5 |
| chkrootkit | chkrootkit | >= 0 < 0.49-5 | 0.49-5 |
| chkrootkit | chkrootkit | >= 0 < 0.49-5 | 0.49-5 |
| debian | chkrootkit | < chkrootkit 0.49-5 (bookworm) | chkrootkit 0.49-5 (bookworm) |

CVSS provenance

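| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 3.7 | LOW | AV:L/AC:H/Au:N/C:P/I:P/A:P |
| osv | | 3.7 | LOW | |
| vendor_debian | | 3.7 | LOW | |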