CVE-2009-0854 - OpenCVE

Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Dash	Dash

Configuration 1 [-]

cpe:2.3:a:dash:dash:0.5.4:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/34205
http://www.securityfocus.com/bid/34092
http://www.ubuntu.com/usn/USN-732-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/49216

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2009-03-11T14:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-03-09T00:00:00

Link: CVE-2009-0854

JSON object: View

NVD Information

Status : Modified

Published: 2009-03-11T14:19:15.390

Modified: 2017-08-17T01:30:03.223

Link: CVE-2009-0854

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-03-10T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "34092", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34092"}, {"name": "USN-732-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-732-1"}, {"name": "dash-profile-code-execution(49216)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49216"}, {"name": "34205", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34205"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2009-0854", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "34092", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34092"}, {"name": "USN-732-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-732-1"}, {"name": "dash-profile-code-execution(49216)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49216"}, {"name": "34205", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34205"}]}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2009-0854", "datePublished": "2009-03-11T14:00:00", "dateReserved": "2009-03-09T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}