← Back

CVE-2014-8169

nvd nist
Published: Mar 18, 2015Modified: May 6, 2026

JSON object

Loading...
4.4
Vector
AV:L/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 3.4 / Impact: 6.4
Source: NVD

Description

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

Affected (7)

Redhat
4 products
Enterprise Linux Desktop
Enterprise Linux Hpc Node
Enterprise Linux Server
Enterprise Linux Workstation
Automount Project
1 product
Automount
Opensuse
1 product
Opensuse
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Hpc Node
Version 6.0
Enterprise Linux Server
Version 6.0
Enterprise Linux Workstation
Version 6.0
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Automount
Version 5.0.8
Opensuse
Opensuse
Version 13.1
Opensuse
Version 13.2

Related CWEs

CWE-264
CWE-264

References (14)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking

Timeline

No history available yet.