Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 551
Alerts This Week
Warning Icon 1 551

Gentoo GLSA-201709-05 High: Chkrootkit Local Privilege Escalation

gentoo
Calendar Grey September 17, 2017
Dist Gentoo Esm H88
Local attackers may obtain administrative rights through a chkrootkit flaw; it is recommended that users update promptly to reduce exposure.
A vulnerability in chkrootkit may allow local users to gain root privileges.

Summary

When /tmp is mounted without the noexec option chkrootkit will execute files in /tmp with root privileges.

Resolution

All chkrootkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-forensics/chkrootkit-0.50"

References

[ 1 ] CVE-2014-0476 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0476

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201709-05
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: chkrootkit: Local privilege escalation
Date: September 17, 2017
Bugs: #512356
ID: 201709-05

Synopsis

A vulnerability in chkrootkit may allow local users to gain root privileges.

Background

chkrootkit is a tool to locally check for signs of a rootkit.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-forensics/chkrootkit < 0.50 >= 0.50

Impact

===== A local attacker could possibly execute arbitrary code with root privileges.

Workaround

Users should mount /tmp with noexec option.