CVE-2014-0039

Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
cipherdynefwsnort
𝑥
≤ 1.6.4
cipherdynefwsnort
0.5
cipherdynefwsnort
0.6
cipherdynefwsnort
0.6.1
cipherdynefwsnort
0.6.2
cipherdynefwsnort
0.6.3
cipherdynefwsnort
0.6.4
cipherdynefwsnort
0.6.5
cipherdynefwsnort
0.7.0
cipherdynefwsnort
0.8.0
cipherdynefwsnort
0.8.1
cipherdynefwsnort
0.8.2
cipherdynefwsnort
0.9.0
cipherdynefwsnort
1.0
cipherdynefwsnort
1.0.1
cipherdynefwsnort
1.0.2
cipherdynefwsnort
1.0.3
cipherdynefwsnort
1.0.4
cipherdynefwsnort
1.0.5
cipherdynefwsnort
1.0.6
cipherdynefwsnort
1.5
cipherdynefwsnort
1.6
cipherdynefwsnort
1.6.1
cipherdynefwsnort
1.6.2
cipherdynefwsnort
1.6.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
fwsnort
bookworm
1.6.8-1
fixed
bullseye
1.6.8-1
fixed
sid
1.6.8-1
fixed
trixie
1.6.8-1
fixed
wheezy
no-dsa
squeeze
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fwsnort
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
quantal
ignored
precise
ignored
lucid
ignored
References
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.html
http://osvdb.org/102822
http://seclists.org/oss-sec/2014/q1/221
http://www.securityfocus.com/bid/65341
https://github.com/mrash/fwsnort/blob/master/ChangeLog
https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.html
http://osvdb.org/102822
http://seclists.org/oss-sec/2014/q1/221
http://www.securityfocus.com/bid/65341
https://github.com/mrash/fwsnort/blob/master/ChangeLog
https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348