CVE-2014-8169

Sažetak

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1192565
https://bugzilla.suse.com/show_bug.cgi?id=917977
http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html
http://rhn.redhat.com/errata/RHSA-2015-1344.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/73211
http://www.ubuntu.com/usn/USN-2579-1

CVSS

Base:	4.4
Impact:	6.4
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-02-2023 - 00:44

Objavljeno

18-03-2015 - 16:59