PT-2014-1897 · Catfish · Catfish

Published: 2014-02-26 · Updated: 2014-08-21 · CVE-2014-2093

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Catfish versions prior to 1.0.2
Catfish versions through 0.4.0.3

Description

The issue concerns multiple vulnerabilities in the Catfish package that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. Specifically, there is an untrusted search path vulnerability that allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.

Recommendations

For Catfish versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. For Catfish versions through 0.4.0.3, consider restricting access to the catfish.py file in the current working directory to minimize the risk of exploitation until a patch is available.

Fix


Related identifiers

BDU:2015-09766
CVE-2014-2093
MGASA-2014-0341

Affected products

Catfish