UBUNTU-CVE-2014-8169

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2014-8169
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-8169.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-8169
Related
Published
2015-03-18T00:00:00Z
Modified
2025-01-13T10:21:07Z
Summary
[none]
Details

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

References

Affected packages

Ubuntu:14.04:LTS / autofs

Package

Name
autofs
Purl
pkg:deb/ubuntu/autofs@5.0.7-3ubuntu3.1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.7-3ubuntu3.1

Affected versions

5.*

5.0.7-3ubuntu1
5.0.7-3ubuntu2
5.0.7-3ubuntu3

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.0.7-3ubuntu3.1",
            "binary_name": "autofs"
        },
        {
            "binary_version": "5.0.7-3ubuntu3.1",
            "binary_name": "autofs-hesiod"
        },
        {
            "binary_version": "5.0.7-3ubuntu3.1",
            "binary_name": "autofs-ldap"
        },
        {
            "binary_version": "5.0.7-3ubuntu3.1",
            "binary_name": "autofs5"
        },
        {
            "binary_version": "5.0.7-3ubuntu3.1",
            "binary_name": "autofs5-hesiod"
        },
        {
            "binary_version": "5.0.7-3ubuntu3.1",
            "binary_name": "autofs5-ldap"
        }
    ]
}