oss-sec mailing list archives

CVE request for catfish program


From: "Vincent Danen" <vdanen () redhat com>
Date: Mon, 24 Feb 2014 15:44:24 -0700

Just copying and pasting from our bug.  Could a CVE be assigned to this please?

A Debian bug report indicated that catfish suffers from some bad logic when loading the catfish.py script from the 
/usr/bin/catfish script.  This script intentionally looks to load catfish.py in the current working directory.  If a 
user were to run catfish in an untrusted directory that contained a malicious catfish.py, that script would be executed 
with the privileges of the user running catfish.

This script:

#!/usr/bin/env bash

APPNAME=catfish

if [ -e $APPNAME.py ]
    then python $APPNAME.py "$@"
    else
        if [ -e $APPNAME.py ]
            then python $APPNAME.py "$@"
            else
                cd /usr/share/$APPNAME
                if [ -e $APPNAME.py ]
                    then python $APPNAME.py "$@"
                    else
                        python $APPNAME.py "$@"
                fi
        fi
    fi

should probably be:

#!/bin/sh
python /usr/share/catfish.py "$@"

The rest is just development fluff and very poorly written.


References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958
https://bugzilla.redhat.com/show_bug.cgi?id=1069396

-- 
Vincent Danen / Red Hat Security Response Team
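
The lookup order described in the message above, next to a lookup that only accepts an absolute install directory. This is an added example, not part of the original post and not catfish's own code. The function names are hypothetical, and the install and untrusted directories are constructed temporary directories standing in for `/usr/share/$APPNAME` and a user's working directory.

```shell
#!/bin/sh
# Added example (not catfish's code). All directories are constructed temp dirs.
APPNAME=catfish

# Lookup order of the launcher quoted in the message: a catfish.py in the
# current working directory wins over the installed copy.
resolve_legacy() {   # $1 = install dir
    if [ -e "$APPNAME.py" ]; then
        printf '%s\n' "$PWD/$APPNAME.py"
    else
        printf '%s\n' "$1/$APPNAME.py"
    fi
}

# Hardened lookup: absolute install dir only, regular file, never the CWD.
resolve_fixed() {    # $1 = install dir
    case "$1" in
        /*) ;;
        *) echo "install dir must be absolute" >&2; return 2 ;;
    esac
    if [ ! -f "$1/$APPNAME.py" ]; then
        echo "missing $1/$APPNAME.py" >&2; return 3
    fi
    printf '%s\n' "$1/$APPNAME.py"
}

# Build a constructed install dir and a constructed untrusted dir that also
# holds a catfish.py, then report which file each lookup would hand to python.
compare_lookups() {
    (
        base=$(mktemp -d) || exit 1
        trap 'rm -rf "$base"' EXIT
        mkdir "$base/install" "$base/untrusted"
        echo 'print("installed copy")' > "$base/install/$APPNAME.py"
        echo 'print("planted copy")'   > "$base/untrusted/$APPNAME.py"
        cd "$base/untrusted" || exit 1
        legacy=$(resolve_legacy "$base/install")
        fixed=$(resolve_fixed "$base/install") || exit 1
        [ "$legacy" = "$base/untrusted/$APPNAME.py" ] && l=cwd || l=installed
        [ "$fixed" = "$base/install/$APPNAME.py" ] && f=installed || f=other
        echo "legacy=$l fixed=$f"
    )
}

compare_lookups
```

The same comparison works as a packaging check: run a launcher's resolution step from a directory that contains a same-named script and confirm the resolved path still points at the installed copy.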
