4.4

CVE-2014-8169

EPSS 0.11%
Published 18.03.2015 16:59:00
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Hpc Node Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Automount Project ≫ Automount Version5.0.8

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.3

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1344.html

Third Party Advisory

http://www.securityfocus.com/bid/73211

http://www.ubuntu.com/usn/USN-2579-1

https://bugzilla.redhat.com/show_bug.cgi?id=1192565

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=917977

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2014-8169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-8169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-8169

EUVD