Date: Mon, 24 Feb 2014 15:44:24 -0700
From: "Vincent Danen" <vdanen@...hat.com>
To: "OSS Security List" <oss-security@...ts.openwall.com>
Subject: CVE request for catfish program

Just copying and pasting from our bug. Could a CVE be assigned to this please?

A Debian bug report indicated that catfish suffers from some bad logic when loading the catfish.py script from the /usr/bin/catfish script. This script intentionally looks to load catfish.py in the current working directory. If a user were to run catfish in an untrusted directory that contained a malicious catfish.py, that script would be executed with the privileges of the user running catfish.

This script:

#!/usr/bin/env bash

APPNAME=catfish

if [ -e $APPNAME.py ]
then
  python $APPNAME.py "$@"
else
  if [ -e $APPNAME.py ]
  then
    python $APPNAME.py "$@"
  else
    cd /usr/share/$APPNAME
    if [ -e $APPNAME.py ]
    then
      python $APPNAME.py "$@"
    else
      python $APPNAME.py "$@"
    fi
  fi
fi

should probably be:

#!/bin/sh
python /usr/share/catfish.py "$@"

The rest is just development fluff and very poorly written.

References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958
https://bugzilla.redhat.com/show_bug.cgi?id=1069396

-- 
Vincent Danen / Red Hat Security Response Team
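
The lookup order described in the message above, as an added example that is not part of the original post or of catfish: it compares which file the quoted launcher and a fixed launcher would select when started from a directory that already contains a catfish.py. The install directory passed as an argument, the function names and the world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example. Nothing is executed: each function only prints the path
# that would be handed to the interpreter.
APPNAME=catfish

# Lookup order of the launcher quoted above: the current directory wins,
# the installed copy is only a fallback.
# $1 = install directory (parameterised here so the example runs anywhere).
resolve_legacy() {
    if [ -e "$APPNAME.py" ]; then
        printf '%s\n' "$(pwd -P)/$APPNAME.py"
    else
        printf '%s\n' "$1/$APPNAME.py"
    fi
}

# Fixed lookup: the installed path only, never the working directory.
# Extra check (an assumption of this example, not part of the proposed fix):
# refuse anything that is not a regular file or that is world-writable.
resolve_fixed() {
    target="$1/$APPNAME.py"
    if [ -n "$(find "$target" -prune -type f ! -perm -002 2>/dev/null)" ]; then
        printf '%s\n' "$target"
    else
        echo "refusing $target: missing, not a regular file, or world-writable" >&2
        return 1
    fi
}

# Constructed layout: an "install" directory and an untrusted working
# directory that also holds an (empty, harmless) catfish.py.
demo() (
    umask 022
    work=$(mktemp -d) || exit 1
    mkdir "$work/install" "$work/untrusted"
    : > "$work/install/$APPNAME.py"
    : > "$work/untrusted/$APPNAME.py"
    cd "$work/untrusted" || exit 1
    echo "legacy launcher would run: $(resolve_legacy "$work/install")"
    echo "fixed launcher would run:  $(resolve_fixed "$work/install")"
    rm -rf "$work"
)
demo
```

The same comparison can be pointed at a real installation by passing its directory to both functions from the working directory under test.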