Vulnerability Description
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Hpc Node | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Automount Project | Automount | 5.0.8 |
| Opensuse | Opensuse | 13.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1344.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
- http://www.securityfocus.com/bid/73211
- http://www.ubuntu.com/usn/USN-2579-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1192565Issue Tracking
- https://bugzilla.suse.com/show_bug.cgi?id=917977Issue Tracking
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1344.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
- http://www.securityfocus.com/bid/73211
- http://www.ubuntu.com/usn/USN-2579-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1192565Issue Tracking
- https://bugzilla.suse.com/show_bug.cgi?id=917977Issue Tracking
FAQ
What is CVE-2014-8169?
CVE-2014-8169 is a vulnerability with a CVSS score of 4.4 (MEDIUM). automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped prog...
How severe is CVE-2014-8169?
CVE-2014-8169 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8169?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Automount Project Automount.