Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8169

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2014-8169
Last Modified 25 Aug 2015 09:59:37
Published 18 Mar 2015 12:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8169

Summary

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Automount Project Automount 5.0.8


References

CONFIRM - https://bugzilla.suse.com/show_bug.cgi?id=917977

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1192565

SUSE - openSUSE-SU-2015:0475

REDHAT - RHSA-2015:1344


Last Updated: 27 May 2016 11:08:08