Lucene search
Ubuntu.comUB:CVE-2014-8169HistoryMar 18, 2015 - 12:00 a.m.
CVE-2014-8169
2015-03-1800:00:00
ubuntu.com
ubuntu.com
7
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
automount 5.0.8, when a program map uses certain interpreted languages,
uses the calling user’s USER and HOME environment variable values instead
of the values for the user used to run the mapped program, which allows
local users to gain privileges via a Trojan horse program in the user home
directory.
Bugs
Notes
| Author | Note |
|---|---|
| tyhicks | See Debian bug for patches backported to 5.0.8 |
| mdeslaur | introduced by the following commit in 5.0.8: https://git.kernel.org/cgit/linux/storage/autofs/autofs.git/commit/?id=93eff4558659f509edc46562208ae3c452949e77 |
Related
oraclelinux
oraclelinux
autofs security, bug fix and enhancement update
2015-11-23 00:00:00
autofs security and bug fix update
2015-07-28 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-1344)
2015-10-06 00:00:00
RedHat Update for autofs RHSA-2015:1344-01
2015-07-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-626)
2015-12-15 00:00:00
nessus
nessus
Scientific Linux Security Update : autofs on SL6.x i386/x86_64 (20150722)
2015-08-04 00:00:00
Oracle Linux 7 : autofs (ELSA-2015-2417)
2015-11-24 00:00:00
Oracle Linux 6 : autofs (ELSA-2015-1344)
2015-07-30 00:00:00
amazon
amazon
Medium: autofs
2015-12-14 10:00:00
redhat
redhat
(RHSA-2015:1344) Moderate: autofs security and bug fix update
2015-07-22 00:00:00
(RHSA-2015:2417) Moderate: autofs security, bug fix and enhancement update
2015-11-19 13:46:50
debiancve
debiancve
CVE-2014-8169
2015-03-18 16:59:00
f5
f5
K48720227 : autofs priv escalation vulnerability CVE-2014-8169
2017-07-19 00:00:00
securityvulns
securityvulns
automount privilege escalation
2015-05-05 00:00:00
[USN-2579-1] autofs vulnerability
2015-05-05 00:00:00
ibm
ibm
ubuntu
ubuntu
autofs vulnerability
2015-04-27 00:00:00
cve
cve
CVE-2014-8169
2015-03-18 16:59:00
centos
centos
autofs security update
2015-07-26 14:11:56
autofs security update
2015-11-30 19:23:16
veracode
veracode
Privilege Escalation
2019-01-15 09:06:40
prion
prion
Directory traversal
2015-03-18 16:59:00
cvelist
cvelist
CVE-2014-8169
2015-03-18 16:00:00
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
Related for UB:CVE-2014-8169