CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

References

Affected packages

Debian:11 / autofs

Package

Name: autofs
Purl: pkg:deb/debian/autofs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.8-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / autofs

Package

Name: autofs
Purl: pkg:deb/debian/autofs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.8-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / autofs

Package

Name: autofs
Purl: pkg:deb/debian/autofs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.8-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}