CVE Vulnerabilities

CVE-2014-2095

Published: Feb 26, 2014 | Modified: Mar 11, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.

Affected Software

Name Vendor Start Version End Version
Catfish Catfish_project 0.6.0 (including) 0.6.0 (including)
Catfish Catfish_project 0.6.1 (including) 0.6.1 (including)
Catfish Catfish_project 0.6.2 (including) 0.6.2 (including)
Catfish Catfish_project 0.6.3 (including) 0.6.3 (including)
Catfish Catfish_project 0.6.4 (including) 0.6.4 (including)
Catfish Catfish_project 0.8.0 (including) 0.8.0 (including)
Catfish Catfish_project 0.8.1 (including) 0.8.1 (including)
Catfish Catfish_project 0.8.2 (including) 0.8.2 (including)
Catfish Catfish_project 1.0.0 (including) 1.0.0 (including)
Catfish Ubuntu lucid *
Catfish Ubuntu precise *
Catfish Ubuntu quantal *
Catfish Ubuntu saucy *
Catfish Ubuntu upstream *
Catfish Ubuntu utopic *
Catfish Ubuntu vivid *
Catfish Ubuntu wily *

References