Vulnerability Description
Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.
CVSS Score
4.4
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cipherdyne | Fwsnort | <= 1.6.4 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.h
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.h
- http://osvdb.org/102822
- http://seclists.org/oss-sec/2014/q1/221
- http://www.securityfocus.com/bid/65341
- https://github.com/mrash/fwsnort/blob/master/ChangeLog
- https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348ExploitPatch
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.h
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.h
- http://osvdb.org/102822
- http://seclists.org/oss-sec/2014/q1/221
- http://www.securityfocus.com/bid/65341
- https://github.com/mrash/fwsnort/blob/master/ChangeLog
- https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348ExploitPatch
FAQ
What is CVE-2014-0039?
CVE-2014-0039 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.
How severe is CVE-2014-0039?
CVE-2014-0039 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0039?
Check the references section above for vendor advisories and patch information. Affected products include: Cipherdyne Fwsnort.