PT-2015-4024 · Automount+3 · Automount+3

Publicado

2015-03-02

Atualizado

2024-06-15

CVE-2014-8169

CVSS v2.0

4.4

Média

Vetor

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions automount version 5.0.8

Description The issue allows local users to gain privileges via a Trojan horse program in the user home directory. This occurs when a program map uses certain interpreted languages and the calling user's USER and HOME environment variable values are used instead of the values for the user used to run the mapped program.

Recommendations For automount version 5.0.8, consider restricting access to the program map that uses interpreted languages until a fix is available, and ensure that the USER and HOME environment variables are properly set for the user running the mapped program to prevent privilege escalation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CESA-2015_1344

CESA-2015_2417

CVE-2014-8169

OPENSUSE-SU-2024:10319-1

RHSA-2015:1344

RHSA-2015:2417

RHSA-2015_1344

RHSA-2015_2417

SUSE-SU-2015:1020-1

SUSE-SU-2015_1020-1

USN-2579-1

Produtos afetados

Centos

Red Hat

Suse

Automount

PT-2015-4024 · Automount+3 · Automount+3

CVE-2014-8169

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 43