Security: Arbitrary command execution in chkrootkit
Name: Arbitrary command execution in chkrootkit
ID: FEDORA-2014-7071
Distribution: Fedora
Platforms: Fedora 20
Date: Fri, 13 June 2014, 07:39
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0476
Applications: chkrootkit
Original message
Name        : chkrootkit
Product     : Fedora 20
Version     : 0.49
Release     : 9.fc20
URL         : http://www.chkrootkit.org
Summary     : Tool to locally check for signs of a rootkit
Description :
chkrootkit is a tool to locally check for signs of a rootkit. It contains:

* chkrootkit: shell script that checks system binaries for rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.

-------------------------------------------------------------------------------
Update Information:
A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges.
The problematic part was:
file_port=$file_port $i
Which is changed to file_port="$file_port $i" to fix the issue. From the Debian diff:
--- chkrootkit-0.49.orig/debian/patches/CVE-2014-0476.patch
+++ chkrootkit-0.49/debian/patches/CVE-2014-0476.patch
@@ -0,0 +1,13 @@
+Index: chkrootkit/chkrootkit
+===================================================================
+--- chkrootkit.orig/chkrootkit
++++ chkrootkit/chkrootkit
+@@ -117,7 +117,7 @@ slapper (){
+ fi
+ for i in ${SLAPPER_FILES}; do
+ if [ -f ${i} ]; then
+- file_port=$file_port $i
++ file_port="$file_port $i"
+ STATUS=1
+ fi
+ done
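Review bot: In the context line `if [ -f ${i} ]; then`, two lines above the changed assignment, `${i}` is still expanded unquoted, so it goes through word splitting and globbing a second time before the `-f` test; quoting it as `[ -f "${i}" ]` in the same patch would be consistent with the quoting added to `file_port`. The patch file also begins directly at `Index:` with no description header, so a short note naming CVE-2014-0476 and the reason for the quotes would help whoever carries this patch forward.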
Acknowledgements:
Red Hat would like to thank Thomas Stangner for reporting this issue.
-------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2014 Jon Ciesla <limburgher@gmail.com> - 0.49-9
- Patch for CVE-2014-0476, BZ 1104456, 11044567.
-------------------------------------------------------------------------------
References:

[ 1 ] Bug #1104456 - CVE-2014-0476 chkrootkit: local privilege escalation [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1104456
[ 2 ] Bug #1104457 - CVE-2014-0476 chkrootkit: local privilege escalation [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1104457
-------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update chkrootkit' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
-------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
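The parsing difference behind the one-line fix in the update information, as an added example (not chkrootkit's code and not part of the advisory): the shell reads an unquoted `file_port=$file_port $i` as a temporary assignment followed by the command `$i`, while the quoted form is a single assignment. The function names, the sandbox directory and the `candidate` and `marker` files are constructed for this demonstration.

```shell
#!/bin/sh
# Added illustration of the quoting flaw; all files live in a throwaway temp dir.

# make_sandbox: create a temp dir holding a harmless executable "candidate"
# that only creates a marker file when it is run. Prints the directory.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\n: > "%s/marker"\n' "$dir" > "$dir/candidate"
    chmod +x "$dir/candidate"
    echo "$dir"
}

# run_loop MODE DIR: same loop shape as the patched function, with one
# constructed candidate standing in for the SLAPPER_FILES list.
# Prints "executed" if the candidate was run, otherwise "not-executed".
run_loop() {
    mode=$1 dir=$2
    rm -f "$dir/marker"
    candidates="$dir/candidate"
    file_port=""
    for i in $candidates; do
        if [ -f "$i" ]; then
            if [ "$mode" = unquoted ]; then
                # Before the fix: assignment word, then $i is run as a
                # command; file_port in this shell stays unchanged.
                file_port=$file_port $i
            else
                # After the fix: one assignment word, nothing is run.
                file_port="$file_port $i"
            fi
        fi
    done
    if [ -e "$dir/marker" ]; then echo executed; else echo not-executed; fi
}

d=$(make_sandbox)
echo "unquoted: $(run_loop unquoted "$d")"
echo "quoted:   $(run_loop quoted "$d")"
rm -rf "$d"
```

On a temp directory mounted with `noexec`, the unquoted form cannot run the candidate and reports `not-executed`, which matches the precondition stated in the advisory.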