Debian Security Advisory
DSA-2945-1 chkrootkit -- security update
- Date Reported:
- 03 Jun 2014
- Affected Packages:
- chkrootkit
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-0476.
- More information:
-
Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option.
For the stable distribution (wheezy), this problem has been fixed in version 0.49-4.1+deb7u2.
For the unstable distribution (sid), this problem has been fixed in version 0.49-5.
We recommend that you upgrade your chkrootkit packages.