PT-2015-4024 · Automount+3

Published: 2015-03-02 · Updated: 2024-06-15 · CVE-2014-8169

CVSS v2.0: 4.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

automount version 5.0.8

Description

The issue allows local users to gain privileges via a Trojan horse program in the user's home directory. This occurs when a program map uses certain interpreted languages and the calling user's USER and HOME environment variable values are used instead of the values for the user that runs the mapped program.

Recommendations

For automount version 5.0.8, consider restricting access to any program map that uses interpreted languages until a fix is available, and ensure that the USER and HOME environment variables are set correctly for the user running the mapped program to prevent privilege escalation.

Related Identifiers

CESA-2015_1344
CESA-2015_2417
CVE-2014-8169
OPENSUSE-SU-2024:10319-1
RHSA-2015:1344
RHSA-2015:2417
RHSA-2015_1344
RHSA-2015_2417
SUSE-SU-2015:1020-1
SUSE-SU-2015_1020-1
USN-2579-1

Affected Products

CentOS
Red Hat
SUSE
Automount