CVE-2004-1117
Description
The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ChessBrain 20407 and earlier allow local privilege escalation via user-owned programs executed by init scripts with root privileges.
Vulnerability
In ChessBrain 20407 and earlier, the init scripts execute user-owned programs with root privileges. The Gentoo ebuild installs user-owned binaries and init scripts that are subsequently run as root, allowing a local user to modify those programs to run arbitrary code with elevated privileges [1].
Exploitation
An attacker with local access can modify one of the user-owned programs that is executed by the init script. When the init script runs (e.g., during system startup or service restart), it executes the modified program with root privileges, resulting in privilege escalation [1].
Impact
Successful exploitation gives the attacker full root privileges on the affected system, enabling complete compromise of confidentiality, integrity, and availability [1].
Mitigation
Upgrade to ChessBrain version 20407-r1 or later. The Gentoo advisory recommends running: # emerge --sync; emerge --ask --oneshot --verbose ">=sci-misc/chessbrain-20407-r1". No known workaround is available for unpatched versions [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <= 20407
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.gentoo.org/security/en/glsa/glsa-200411-26.xmlnvdPatchVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/18149nvd
News mentions
0No linked articles in our index yet.