Login Sign Up

CVE-2014-6310

9.8 CRITICAL
Remote Code Execution Buffer Overflow

📋 TL;DR

CVE-2014-6310 is a buffer overflow vulnerability in CHICKEN Scheme's 'select' function that allows remote attackers to execute arbitrary code. This affects CHICKEN 4.9.0 and 4.9.0.1 installations. Users running vulnerable versions of CHICKEN Scheme are at risk of complete system compromise.

💻 Affected Systems

Products:
  • CHICKEN Scheme
Versions: 4.9.0 and 4.9.0.1
Operating Systems: All platforms running CHICKEN
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the vulnerable 'select' function is affected. The vulnerability is in the CHICKEN runtime itself.

📦 What is this software?

Chicken by Call Cc

View all CVEs affecting Chicken →

Chicken by Call Cc

View all CVEs affecting Chicken →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote unauthenticated attacker gains full control of the system, executes arbitrary code with application privileges, and potentially escalates to root/system privileges.

🟠

Likely Case

Remote code execution leading to data theft, system compromise, and lateral movement within the network.

🟢

If Mitigated

If properly patched or isolated, impact is limited to denial of service at most.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow vulnerabilities in widely used functions like 'select' are frequently weaponized. Public exploit code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.9.0.2 and later

Vendor Advisory: https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html

Restart Required: Yes

Instructions:

1. Update CHICKEN to version 4.9.0.2 or later using your package manager. 2. Recompile any CHICKEN applications with the updated runtime. 3. Restart affected services.

🔧 Temporary Workarounds

Disable or restrict network access

linux

Limit network exposure of CHICKEN applications to reduce attack surface

iptables -A INPUT -p tcp --dport [PORT] -j DROP
ufw deny [PORT]

🧯 If You Can't Patch

  • Isolate vulnerable systems in separate network segments with strict firewall rules
  • Implement application-level input validation and sanitization for all 'select' function calls

🔍 How to Verify

Check if Vulnerable:

Check CHICKEN version: chicken --version or csi --version

Check Version:

chicken --version 2>/dev/null || csi --version 2>/dev/null || echo 'CHICKEN not found'

Verify Fix Applied:

Verify version is 4.9.0.2 or later and test 'select' function with boundary cases

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in CHICKEN processes
  • Unusual process spawning from CHICKEN runtime

Network Indicators:

  • Unexpected network connections from CHICKEN applications
  • Exploit pattern matches in network traffic

SIEM Query:

process:chicken AND (event:segfault OR event:crash) OR process:csi AND event:anomalous_behavior

📊 Metadata

CVE ID: CVE-2014-6310
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-120
Published: November 22, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2014-6310, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)