Date: Mon, 24 Feb 2014 15:44:24 -0700
From: "Vincent Danen" <vdanen@...hat.com>
To: "OSS Security List" <oss-security@...ts.openwall.com>
Subject: CVE request for catfish program

Just copying and pasting from our bug.  Could a CVE be assigned to this please?

A Debian bug report indicated that catfish suffers from some bad logic when loading the catfish.py script from the /usr/bin/catfish script.  This script intentionally looks to load catfish.py in the current working directory.  If a user were to run catfish in an untrusted directory that contained a malicious catfish.py, that script would be executed with the privileges of the user running catfish.

This script:

#!/usr/bin/env bash

APPNAME=catfish

if [ -e $APPNAME.py ]
    then python $APPNAME.py "$@"
    else
        if [ -e $APPNAME.py ]
            then python $APPNAME.py "$@"
            else
                cd /usr/share/$APPNAME
                if [ -e $APPNAME.py ]
                    then python $APPNAME.py "$@"
                    else
                        python $APPNAME.py "$@"
                fi
        fi
    fi

should probably be:

#!/bin/sh
python /usr/share/catfish.py "$@"

The rest is just development fluff and very poorly written.


References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958
https://bugzilla.redhat.com/show_bug.cgi?id=1069396

-- 
Vincent Danen / Red Hat Security Response Team
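
Added example, not part of the original message or of the catfish project: a small audit function that flags launcher scripts which hand an interpreter a non-absolute script path, the pattern described in the message. Both sample launchers are constructed here (the first is condensed from the script quoted above), and treating variable-based paths as needing review is an assumption of this check.

```shell
#!/bin/sh
# Added example: flag launcher lines that give an interpreter a non-absolute
# script path, so the script is resolved against the caller's working directory.

# audit_launcher FILE: prints "LINE: text" for each suspicious line;
# returns 0 when something was flagged, 1 when the file looks clean.
audit_launcher() {
    awk -v sq="'" '
        /^[ \t]*#/ { next }                  # comments and the shebang line
        {
            for (i = 1; i < NF; i++) {
                # interpreter, optionally versioned or given with a directory
                if ($i !~ /^([^ ]*\/)?(python[0-9.]*|perl|ruby|sh|bash)$/) continue
                arg = $(i + 1)
                sub("^[\"" sq "]", "", arg)  # drop a leading quote
                if (arg ~ /^-/) continue     # an option, not a script path
                # Assumption: anything not starting with "/" (including
                # $VAR-based paths) is reported for manual review.
                if (arg !~ /^\//) { printf "%d: %s\n", NR, $0; found = 1; break }
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample, condensed from the launcher quoted in the message.
cat > "$tmp/vulnerable" <<'EOF'
#!/usr/bin/env bash
APPNAME=catfish
if [ -e $APPNAME.py ]
    then python $APPNAME.py "$@"
    else
        cd /usr/share/$APPNAME
        python $APPNAME.py "$@"
fi
EOF

# Constructed sample: the replacement proposed in the message.
cat > "$tmp/fixed" <<'EOF'
#!/bin/sh
python /usr/share/catfish.py "$@"
EOF

for f in "$tmp/vulnerable" "$tmp/fixed"; do
    if audit_launcher "$f"; then echo "review: $f"; else echo "clean: $f"; fi
done
```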