Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Catfish | Catfish_project | 0.6.0 (including) | 0.6.0 (including) |
Catfish | Catfish_project | 0.6.1 (including) | 0.6.1 (including) |
Catfish | Catfish_project | 0.6.2 (including) | 0.6.2 (including) |
Catfish | Catfish_project | 0.6.3 (including) | 0.6.3 (including) |
Catfish | Catfish_project | 0.6.4 (including) | 0.6.4 (including) |
Catfish | Catfish_project | 0.8.0 (including) | 0.8.0 (including) |
Catfish | Catfish_project | 0.8.1 (including) | 0.8.1 (including) |
Catfish | Catfish_project | 0.8.2 (including) | 0.8.2 (including) |
Catfish | Catfish_project | 1.0.0 (including) | 1.0.0 (including) |
Catfish | Ubuntu | lucid | * |
Catfish | Ubuntu | precise | * |
Catfish | Ubuntu | quantal | * |
Catfish | Ubuntu | saucy | * |
Catfish | Ubuntu | upstream | * |
Catfish | Ubuntu | utopic | * |
Catfish | Ubuntu | vivid | * |
Catfish | Ubuntu | wily | * |