Follow @discotekdotca
CVE-2014-8169
Current Description
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
Basic Data
| Published | March 18, 2015 |
|---|---|
| Last Modified | October 30, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-264 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| CVSS 2 - Access Vector | LOCAL |
| CVSS 2 - Access Complexity | MEDIUM |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | PARTIAL |
| CVSS 2 - Availability Impact | PARTIAL |
| CVSS 2 - Base Score | 4.4 |
| Severity | MEDIUM |
| Exploitability Score | 3.4 |
| Impact Score | 6.4 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Redhat Enterprise Linux Desktop 6.0 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Hpc Node 6.0 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Server 6.0 * * * * * * * � � � � 2.3 OS Redhat Enterprise Linux Workstation 6.0 * * * * * * * � � � � -
AND
-
OR - Configuration 2
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Automount Project Automount 5.0.8 * * * * * * * � � � � -
OR Running on/with:
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Opensuse Opensuse 13.1 * * * * * * * � � � � 2.3 OS Opensuse Opensuse 13.2 * * * * * * * � � � �
-
OR - Configuration 2
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Automount Project | Automount | 5.0.8 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Hpc Node | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Opensuse | Opensuse | 13.1, 13.2 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| openSUSE-SU-2015:0475 | http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html | SUSE | Vendor Advisory |
| RHSA-2015:1344 | http://rhn.redhat.com/errata/RHSA-2015-1344.html | REDHAT | Third Party Advisory |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | CONFIRM | |
| 73211 | http://www.securityfocus.com/bid/73211 | BID | |
| USN-2579-1 | http://www.ubuntu.com/usn/USN-2579-1 | UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1192565 | https://bugzilla.redhat.com/show_bug.cgi?id=1192565 | CONFIRM | Issue Tracking |
| https://bugzilla.suse.com/show_bug.cgi?id=917977 | https://bugzilla.suse.com/show_bug.cgi?id=917977 | CONFIRM | Issue Tracking |