oss-sec mailing list archives
CVE request for catfish program
From: "Vincent Danen" <vdanen () redhat com>
Date: Mon, 24 Feb 2014 15:44:24 -0700
Just copying and pasting from our bug. Could a CVE be assigned to this please? A Debian bug report indicated that catfish suffers from some bad logic when loading the catfish.py script from the /usr/bin/catfish script. This script intentionally looks to load catfish.py in the current working directory. If a user were to run catfish in an untrusted directory that contained a malicious catfish.py, that script would be executed with the privileges of the user running catfish. This script: #!/usr/bin/env bash APPNAME=catfish if [ -e $APPNAME.py ] then python $APPNAME.py "$@" else if [ -e $APPNAME.py ] then python $APPNAME.py "$@" else cd /usr/share/$APPNAME if [ -e $APPNAME.py ] then python $APPNAME.py "$@" else python $APPNAME.py "$@" fi fi fi should probably be: #!/bin/sh python /usr/share/catfish.py "$@" The rest is just development fluff and very poorly written. References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958 https://bugzilla.redhat.com/show_bug.cgi?id=1069396 -- Vincent Danen / Red Hat Security Response Team
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request for catfish program Vincent Danen (Feb 24)
- Re: CVE request for catfish program cve-assign (Feb 25)
- Re: CVE request for catfish program Vincent Danen (Feb 25)
- Re: CVE request for catfish program cve-assign (Feb 25)
- Re: CVE request for catfish program Vincent Danen (Feb 25)
- Re: CVE request for catfish program Vincent Danen (Feb 25)
- Re: CVE request for catfish program cve-assign (Feb 25)