CVE-2013-1874

Severity

44%

Complexity

34%

Confidentiality

106%

CWE-426: Untrusted Search Path

Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

CWE-426: Untrusted Search Path

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 10 years ago

2014-09-29 22:55:00

Last updated 7 years ago

2017-08-29 01:33:00

Affected Software

call-cc CHICKEN 4.8.0

4.8.0

call-cc CHICKEN 4.8.0 release candidate 1 snapshot

4.8.0

call-cc CHICKEN 4.8.0 release candidate 2 snapshot

4.8.0

call-cc CHICKEN 4.8.0 release candidate 3 snapshot

4.8.0

call-cc CHICKEN 4.8.0 release candidate 4 snapshot

4.8.0

call-cc CHICKEN 4.8.0.1

4.8.0.1

call-cc CHICKEN 4.8.0.2

4.8.0.2

call-cc CHICKEN 4.8.0.3

4.8.0.3

call-cc CHICKEN 4.8.0.4

4.8.0.4

call-cc CHICKEN 4.8.0.5

4.8.0.5

call-cc CHICKEN 4.8.0.6

4.8.0.6

call-cc CHICKEN 4.8.0.7

4.8.0.7

References

http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd;hb=c6750af99ada7fa4815ee834e4e705bcfac9c137

[oss-security] 20130319 Untrusted startup file inclusion in Chicken Scheme

91520

58583

chicken-cve20131874-csirc-code-execution(85065)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.