Ubuntu USN-2579-1
Apr 27, 2015 - 12:00 a.m.

autofs vulnerability

2015-04-27 00:00:00
ubuntu.com

CVSS2: 4.4

  • Attack Vector: LOCAL
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score: 6.4

  • Confidence: Low

EPSS: 0

  • Percentile: 5.1%

Releases

  • Ubuntu 14.10

Packages

  • autofs - kernel-based automounter for Linux

Details

It was discovered that autofs incorrectly filtered environment variables
when using program maps. When program maps were configured, a local user
could use this issue to escalate privileges.

This update changes the default behaviour by adding a prefix to environment
variables. Sites using program maps will need to adapt to the new variable
names, or revert to the previous names by using a new configuration option
called FORCE_STANDARD_PROGRAM_MAP_ENV.

OS      Version  Architecture  Package        Version             Filename
Ubuntu  14.10    noarch        autofs         < 5.0.8-1ubuntu1.1  UNKNOWN
Ubuntu  14.10    noarch        autofs-hesiod  < 5.0.8-1ubuntu1.1  UNKNOWN
Ubuntu  14.10    noarch        autofs-ldap    < 5.0.8-1ubuntu1.1  UNKNOWN
