CVE-2014-2095

Name of the Vulnerable Software and Affected Versions Catfish versions 0.6.0 through 1.0.0 Catfish versions prior to 1.0.2

Description The issue concerns multiple vulnerabilities in the Catfish package, which can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. Specifically, an untrusted search path vulnerability allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.

Recommendations For Catfish versions 0.6.0 through 1.0.0, update to version 1.0.2 or later to resolve the issue. For Catfish versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the bin/catfish.pyc file to minimize the risk of exploitation.