4.4

CVE-2014-8169

EPSS 0.11%
Veröffentlicht 18.03.2015 16:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Hpc Node Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Automount Project ≫ Automount Version5.0.8

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.3

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1344.html

Third Party Advisory

http://www.securityfocus.com/bid/73211

http://www.ubuntu.com/usn/USN-2579-1

https://bugzilla.redhat.com/show_bug.cgi?id=1192565

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=917977

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2014-8169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-8169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-8169

EUVD