Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fwsnort | Cipherdyne | 0.5 | 0.5 |
| Fwsnort | Cipherdyne | 0.6 | 0.6 |
| Fwsnort | Cipherdyne | 0.6.1 | 0.6.1 |
| Fwsnort | Cipherdyne | 0.6.2 | 0.6.2 |
| Fwsnort | Cipherdyne | 0.6.3 | 0.6.3 |
| Fwsnort | Cipherdyne | 0.6.4 | 0.6.4 |
| Fwsnort | Cipherdyne | 0.6.5 | 0.6.5 |
| Fwsnort | Cipherdyne | 0.7.0 | 0.7.0 |
| Fwsnort | Cipherdyne | 0.8.0 | 0.8.0 |
| Fwsnort | Cipherdyne | 0.8.1 | 0.8.1 |
| Fwsnort | Cipherdyne | 0.8.2 | 0.8.2 |
| Fwsnort | Cipherdyne | 0.9.0 | 0.9.0 |
| Fwsnort | Cipherdyne | 1.0 | 1.0 |
| Fwsnort | Cipherdyne | 1.0.1 | 1.0.1 |
| Fwsnort | Cipherdyne | 1.0.2 | 1.0.2 |
| Fwsnort | Cipherdyne | 1.0.3 | 1.0.3 |
| Fwsnort | Cipherdyne | 1.0.4 | 1.0.4 |
| Fwsnort | Cipherdyne | 1.0.5 | 1.0.5 |
| Fwsnort | Cipherdyne | 1.0.6 | 1.0.6 |
| Fwsnort | Cipherdyne | 1.5 | 1.5 |
| Fwsnort | Cipherdyne | 1.6 | 1.6 |
| Fwsnort | Cipherdyne | 1.6.1 | 1.6.1 |
| Fwsnort | Cipherdyne | 1.6.2 | 1.6.2 |
| Fwsnort | Cipherdyne | 1.6.3 | 1.6.3 |
| Fwsnort | Cipherdyne | * | 1.6.4 |
| Fwsnort | Ubuntu | artful | * |
| Fwsnort | Ubuntu | lucid | * |
| Fwsnort | Ubuntu | precise | * |
| Fwsnort | Ubuntu | quantal | * |
| Fwsnort | Ubuntu | saucy | * |
| Fwsnort | Ubuntu | trusty | * |
| Fwsnort | Ubuntu | utopic | * |
| Fwsnort | Ubuntu | vivid | * |
| Fwsnort | Ubuntu | wily | * |
| Fwsnort | Ubuntu | yakkety | * |
| Fwsnort | Ubuntu | zesty | * |