CVE-2014-8169
Last modified
CVE-2014-8169 is a vulnerability of currently unknown severity. automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Hpc Node | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Automount Project | Automount | 5.0.8 |
| Opensuse | Opensuse | 13.1 |
| Opensuse | Opensuse | 13.2 |
References
- http://rhn.redhat.com/errata/RHSA-2015-1344.htmlThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1192565Issue Tracking
- https://bugzilla.suse.com/show_bug.cgi?id=917977Issue Tracking
- http://rhn.redhat.com/errata/RHSA-2015-1344.htmlThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1192565Issue Tracking
- https://bugzilla.suse.com/show_bug.cgi?id=917977Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-8169?
How severe is CVE-2014-8169?
How do I fix CVE-2014-8169?
Are you affected by CVE-2014-8169?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST