Candidate: CVE-2009-0854
PublicDate: 2009-03-11 14:19:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0854
 https://ubuntu.com/security/notices/USN-732-1
Description:
 Untrusted search path vulnerability in dash 0.5.4, when used as a login
 shell, allows local users to execute arbitrary code via a Trojan horse
 .profile file in the current working directory.
Ubuntu-Description:
Notes:
 jdstrand> Ubuntu specific patch to implement -l
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS: 

Patches_dash:
upstream_dash: released (0.5.4-12ubuntu2)
dapper_dash: not-affected
gutsy_dash: not-affected
hardy_dash: released (0.5.4-8ubuntu1.1)
intrepid_dash: released (0.5.4-9ubuntu1.1)
devel_dash: not-affected (0.5.4-12ubuntu2)