SB2014081302 - Gentoo update for Catfish
Published: August 13, 2014 Updated: September 25, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2014-2093)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
2) Input validation error (CVE-ID: CVE-2014-2094)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory.
3) Input validation error (CVE-ID: CVE-2014-2095)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
4) Input validation error (CVE-ID: CVE-2014-2096)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
Remediation
Install update from vendor's website.