Unrated severityNVD Advisory· Published Mar 18, 2015· Updated May 6, 2026

CVE-2014-8169

Description

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

Affected products

Automount Project/Automount
cpe:2.3:a:automount_project:automount:5.0.8:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Hpc Node
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-updates/2015-03/msg00033.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1344.htmlnvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
bugzilla.suse.com/show_bug.cginvdIssue Tracking
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvd
www.securityfocus.com/bid/73211nvd
www.ubuntu.com/usn/USN-2579-1nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000