Gentoo Forums
(CVE-2014-0476) app-forensics/chkrootkit: local privilege e.

Joined: 20 Dec 2005
Posts: 6111
Location: Vienna, Austria; Germany; hello world :)

Posted: Tue Jun 10, 2014 2:07 pm    Post subject: (CVE-2014-0476) app-forensics/chkrootkit: local privilege e.

The vulnerability highlighted two days after Thomas Stangner reported a serious flaw in the chkrootkit (Check Rootkit), a rootkit detector, that allows a local attacker to gain root access to gain root control by executing malicious code inside the /tmp directory.
A common Unix-based program, chkrootkit helps system administrators to check their systems for known rootkits. The vulnerability in chkrootkit, assigned the ID CVE-2014-0476, actually resides in the slapper() function in the shell script of the chkrootkit package. A non-root user can place any malicious executable file named 'update' in the /tmp folder, which will get executed as root whenever chkrootkit scans this directory for rootkits.

So if I understood correctly, it helps to mitigate this (and other) issue(s) by mounting /tmp with noexec,nosuid,nodev.

This might break some apps, but at least you can remount it as needed.

Hardcore Gentoo Linux user since 2004 :D
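
To check whether a system already has the mount options mentioned in the post, the following sketch (an added example, not part of the original post or of chkrootkit) reads a mount table in /proc/mounts format and lists which of noexec, nosuid and nodev are missing for a mount point. The function name `missing_mount_opts` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount point for the hardening options noexec,nosuid,nodev.
# Input: mount-table text in /proc/mounts format on stdin.
# Output: space-separated list of missing options (empty line if none are missing),
#         or "not-a-mount" if the path has no mount entry of its own.
missing_mount_opts() {
    awk -v mp="$1" '
        $2 == mp { opts = $4; found = 1 }   # last matching entry is the topmost mount
        END {
            if (!found) { print "not-a-mount"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            out = ""
            m = split("noexec nosuid nodev", want, " ")
            for (i = 1; i <= m; i++)
                if (!(want[i] in have))
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0'

echo "sample /tmp is missing: $(printf '%s\n' "$SAMPLE_MOUNTS" | missing_mount_opts /tmp)"

# On a live Linux system, audit the real mount table as well.
if [ -r /proc/mounts ]; then
    echo "live /tmp: $(missing_mount_opts /tmp < /proc/mounts)"
fi
```

A result of "not-a-mount" means /tmp is just a directory on another filesystem, so the options cannot be applied to it separately until it gets its own mount (for example a tmpfs entry in /etc/fstab).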