CVE-2014-0039

fwsnort < 1.6.4 - Untrusted Search Path Vulnerability via fwsnort.conf

Title source: llm
STIX 2.1

Description

Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.

References (7)

Core 7
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/102822
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65341
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/221

Scores

EPSS 0.0060
EPSS Percentile 44.3%

Details

Status published
Products (25)
cipherdyne/fwsnort 0.5
cipherdyne/fwsnort 0.6
cipherdyne/fwsnort 0.6.1
cipherdyne/fwsnort 0.6.2
cipherdyne/fwsnort 0.6.3
cipherdyne/fwsnort 0.6.4
cipherdyne/fwsnort 0.6.5
cipherdyne/fwsnort 0.7.0
cipherdyne/fwsnort 0.8.0
cipherdyne/fwsnort 0.8.1
... and 15 more
Published Feb 08, 2014
Tracked Since Feb 18, 2026