CVE-2014-0039
fwsnort < 1.6.4 - Untrusted Search Path Vulnerability via fwsnort.conf
Title source: llmDescription
Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.
References (7)
Core 7
Core References
Various Sources x_refsource_confirm
https://github.com/mrash/fwsnort/blob/master/ChangeLog
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102822
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65341
Exploit, Patch x_refsource_confirm
https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/221
Scores
EPSS
0.0060
EPSS Percentile
44.3%
Details
Status
published
Products (25)
cipherdyne/fwsnort
0.5
cipherdyne/fwsnort
0.6
cipherdyne/fwsnort
0.6.1
cipherdyne/fwsnort
0.6.2
cipherdyne/fwsnort
0.6.3
cipherdyne/fwsnort
0.6.4
cipherdyne/fwsnort
0.6.5
cipherdyne/fwsnort
0.7.0
cipherdyne/fwsnort
0.8.0
cipherdyne/fwsnort
0.8.1
... and 15 more
Published
Feb 08, 2014
Tracked Since
Feb 18, 2026