CVE-2014-2096

Name of the Vulnerable Software and Affected Versions Catfish versions 0.6.0 through 1.0.0 Catfish versions prior to 1.0.2

Description The issue concerns multiple vulnerabilities in the Catfish package, which can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. A specific vulnerability involves an untrusted search path in Catfish, allowing local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.

Recommendations For Catfish versions 0.6.0 through 1.0.0, update to version 1.0.2 or later to resolve the issue. For Catfish versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the bin/catfish.py file to minimize the risk of exploitation.