CVE-2014-8169
Description
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling users USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
Risk Information
Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.11
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2015:1344) Moderate: autofs security and bug fix update autofs-5.0.5-113.el6.i686.rpm | Linux |
| (RHSA-2015:1344) Moderate: autofs security and bug fix update autofs-5.0.5-113.el6.x86_64.rpm | Linux |
| (RHSA-2015:2417) Moderate: autofs security, bug fix and enhancement update autofs-5.0.7-54.el7.x86_64.rpm | Linux |
| SUSE-SU-2015:1020-1(SUSE Linux Enterprise Desktop 12 ) autofs-5.0.9-8.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1020-1(SUSE Linux Enterprise Desktop 12 ) autofs-debuginfo-5.0.9-8.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1020-1(SUSE Linux Enterprise Desktop 12 ) autofs-debugsource-5.0.9-8.1.x86_64.rpm | Linux |
| (RHSA-2015:2417)Moderate: security, bug fix and enhancement update autofs-debuginfo-5.0.7-54.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234