Unrated severityNVD Advisory· Published Oct 25, 2014· Updated May 6, 2026

CVE-2014-0476

Description

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

Affected products

Chkrootkit/Chkrootkit
cpe:2.3:a:chkrootkit:chkrootkit:*:*:*:*:*:*:*:*
Range: <=0.49
Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2014/06/04/9nvdExploit
www.chkrootkit.orgnvdVendor Advisory
osvdb.org/show/osvdb/107710nvd
packetstormsecurity.com/files/134484/Chkrootkit-Local-Privilege-Escalation.htmlnvd
www.debian.org/security/2014/dsa-2945nvd
www.ubuntu.com/usn/USN-2230-1nvd
security.gentoo.org/glsa/201709-05nvd
www.exploit-db.com/exploits/38775/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000