The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | chkrootkit | 2014-07-09 16:36 | ALAS-2014-370 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 3.7 | AV:L/AC:H/Au:N/C:P/I:P/A:P |
NVD | CVSSv2 | 3.7 | AV:L/AC:H/Au:N/C:P/I:P/A:P |