Gentoo Linux Security Advisory 201709-05

Gentoo Linux Security Advisory 201709-05: Posted Sep 17, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201709-5 - A vulnerability in chkrootkit may allow local users to gain root privileges. Versions less than 0.50 are affected.; tags | advisory, local, root; systems | linux, gentoo; advisories | CVE-2014-0476; SHA-256 | a47c2b30b67fbb7916eaad7a2b14b56e00e69a6ffb121d81b05d425a741c1fa3; Download | Favorite | View

Gentoo Linux Security Advisory 201709-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201709-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: chkrootkit: Local privilege escalation
     Date: September 17, 2017
     Bugs: #512356
       ID: 201709-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in chkrootkit may allow local users to gain root
privileges.

Background
==========

chkrootkit is a tool to locally check for signs of a rootkit.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-forensics/chkrootkit
                                   < 0.50                     >= 0.50 

Description
===========

When /tmp is mounted without the noexec option chkrootkit will execute
files in /tmp with root privileges.

Impact
======

A local attacker could possibly execute arbitrary code with root
privileges.

Workaround
==========

Users should mount /tmp with noexec option.

Resolution
==========

All chkrootkit users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-forensics/chkrootkit-0.50"

References
==========

[ 1 ] CVE-2014-0476
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0476

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201709-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Gentoo Linux Security Advisory 201709-05

Gentoo Linux Security Advisory 201709-05

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 201709-05

Share This

Gentoo Linux Security Advisory 201709-05

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems