stable
FEDORA-EPEL-2014-1575 created by limb 8 years ago for Fedora EPEL 5

A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges.

The problematic part was:

file_port=$file_port $i

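This is changed to file_port="$file_port $i" to fix the issue. Without the quotes, the shell treats file_port=$file_port as a variable assignment placed in the environment of a command, and then runs $i as that command. From the Debian diff: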

--- chkrootkit-0.49.orig/debian/patches/CVE-2014-0476.patch +++ chkrootkit-0.49/debian/patches/CVE-2014-0476.patch @@ -0,0 +1,13 @@ +Index: chkrootkit/chkrootkit +=================================================================== +--- chkrootkit.orig/chkrootkit ++++ chkrootkit/chkrootkit +@@ -117,7 +117,7 @@ slapper (){ + fi + for i in ${SLAPPER_FILES}; do + if [ -f ${i} ]; then +- file_port=$file_port $i ++ file_port="$file_port $i" + STATUS=1 + fi + done
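
Review bot: The context line `if [ -f ${i} ]; then` in slapper(), directly above the changed assignment, still expands `${i}` unquoted, so the loop variable is quoted in one place and not in the other. Consider changing it to `[ -f "${i}" ]` in the same patch so every use of `$i` in this loop is handled consistently. The quilt patch also starts directly at `Index:` with no description header; a one-line description naming CVE-2014-0476 would make the reason for the change clear to anyone reading the patch file on its own.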

Acknowledgements:

Red Hat would like to thank Thomas Stangner for reporting this issue.
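
The shell parsing behind the quoting issue described above, as an added example (not code from chkrootkit or from this advisory). Only the two `file_port` lines come from the advisory; the function names, the private temporary directory and the marker file are assumptions made for the demonstration, and the stand-in file is constructed and harmless.

```shell
#!/bin/sh
# Added demo with constructed input: a harmless script in a private temp
# directory stands in for a file matched by the scan loop.

# Pre-fix body: the shell parses this as the assignment "file_port=<value>"
# placed in the environment of the command "$i", so the file is run.
scan_unquoted() {
    file_port=""
    for i in "$@"; do
        if [ -f "$i" ]; then
            file_port=$file_port $i
        fi
    done
    printf '%s' "$file_port"
}

# Patched body: the quotes make the whole right-hand side one assignment.
scan_quoted() {
    file_port=""
    for i in "$@"; do
        if [ -f "$i" ]; then
            file_port="$file_port $i"
        fi
    done
    printf '%s' "$file_port"
}

# Create the stand-in file; when run, it only creates the marker "ran".
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\n: > "%s/ran"\n' "$dir" > "$dir/sample"
    chmod +x "$dir/sample"
    printf '%s' "$dir"
}

# check <scan function>: report whether the file ran and was recorded.
check() {
    dir=$(make_sample) || return 1
    out=$("$1" "$dir/sample" 2>/dev/null)
    if [ -e "$dir/ran" ]; then ran=executed; else ran=not-executed; fi
    if [ -n "$out" ]; then rec=recorded; else rec=not-recorded; fi
    rm -rf "$dir"
    printf '%s %s\n' "$ran" "$rec"
}

check scan_unquoted   # -> executed not-recorded
check scan_quoted     # -> not-executed recorded
```

The unquoted form also never stores the matched path, because the assignment applies only to the environment of the command that was run. The result assumes the temporary directory is on a filesystem mounted without noexec, the same condition the advisory names.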

This update has been submitted for testing by limb.

8 years ago

This update is currently being pushed to the Fedora EPEL 5 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

8 years ago

This update has been submitted for stable by limb.

8 years ago

This update is currently being pushed to the Fedora EPEL 5 stable updates repository.

8 years ago

This update has been pushed to stable

8 years ago


Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 8 years ago
in testing: 8 years ago
in stable: 8 years ago
BZ#1104456 CVE-2014-0476 chkrootkit: local privilege escalation [fedora-all]
BZ#1104457 CVE-2014-0476 chkrootkit: local privilege escalation [epel-all]