CVE-2013-1874 - Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arb

CVE-2013-1874

Summary

Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. <a href = http://cwe.mitre.org/data/definitions/426.html> CWE-426: Untrusted Search Path </a>

References

Vulnerable Configurations

cpe:2.3:a:call-cc:chicken:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:rc4:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:rc4:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:-:*:*:*:*:*:x64:*
cpe:2.3:a:call-cc:chicken:-:*:*:*:*:*:x64:*
cpe:2.3:a:call-cc:chicken:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.7:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.5.7:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.7:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.6.7:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.4:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.7.4:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.0:*:*:*:*:*:x64:*
cpe:2.3:a:call-cc:chicken:4.8.0:*:*:*:*:*:x64:*
cpe:2.3:a:call-cc:chicken:4.8.0.1:*:*:*:*:*:x64:*
cpe:2.3:a:call-cc:chicken:4.8.0.1:*:*:*:*:*:x64:*
cpe:2.3:a:call-cc:chicken:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:call-cc:chicken:4.8.1:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	58583
confirm	http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd;hb=c6750af99ada7fa4815ee834e4e705bcfac9c137
mlist	[oss-security] 20130319 Untrusted startup file inclusion in Chicken Scheme
osvdb	91520
xf	chicken-cve20131874-csirc-code-execution(85065)

Last major update

29-08-2017 - 01:33

Published

29-09-2014 - 22:55

Last modified

29-08-2017 - 01:33