The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| chkrootkit | chkrootkit | * |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 13.10 |