Vulnerability DatabaseCVE-2014-8169
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-8169
Published:March 18, 2015
Updated:May 07, 2026
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
Related Resources (10)
https://bugzilla.suse.com/show_bug.cgi?id=917977
http://www.ubuntu.com/usn/USN-2579-1
http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://rhn.redhat.com/errata/RHSA-2015-1344.html
http://www.securityfocus.com/bid/73211
https://bugzilla.redhat.com/show_bug.cgi?id=1192565
https://security-tracker.debian.org/tracker/CVE-2014-8169
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-8169
https://access.redhat.com/security/cve/CVE-2014-8169
Do you need more information?
Contact Us
CVSS v3
Base Score:
4.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
4.4
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
0.11