Your submission was sent successfully! Close

CVE-2009-0854

Published: 11 March 2009

Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.

Priority

High

Status

Package Release Status
dash
Launchpad, Ubuntu, Debian
dapper Not vulnerable

gutsy Not vulnerable

hardy
Released (0.5.4-8ubuntu1.1)
intrepid
Released (0.5.4-9ubuntu1.1)
upstream
Released (0.5.4-12ubuntu2)