CVE-2014-0039 Information

Description

Untrusted search path vulnerability in fwsnort before 1.6.4 when not running as root allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.html http://osvdb.org/102822 http://seclists.org/oss-sec/2014/q1/221 http://www.securityfocus.com/bid/65341 https://github.com/mrash/fwsnort/blob/master/ChangeLog https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348