csaf_redhat - rhsa-2015

rhsa-2015_1344

Vulnerability from csaf_redhat

Published

2015-07-20 13:59

Modified

2024-11-22 08:54

Summary

Red Hat Security Advisory: autofs security and bug fix update

Notes

Topic

Updated autofs packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2014-8169) Note: This issue has been fixed by adding the "AUTOFS_" prefix to the affected environment variables so that they are not used to subvert the system. A configuration option ("force_standard_program_map_env") to override this prefix and to use the environment variables without the prefix has been added. In addition, warnings have been added to the manual page and to the installed configuration file. Now, by default the standard variables of the program map are provided only with the prefix added to its name. Red Hat would like to thank the Georgia Institute of Technology for reporting this issue. Bug fixes: * If the "ls *" command was executed before a valid mount, the autofs program failed on further mount attempts inside the mount point, whether the mount point was valid or not. While attempting to mount, the "ls *" command of the root directory of an indirect mount was executed, which led to an attempt to mount "*", causing it to be added to the negative map entry cache. This bug has been fixed by checking for and not adding "*" while updating the negative map entry cache. (BZ#1163957) * The autofs program by design did not mount host map entries that were duplicate exports in an NFS server export list. The duplicate entries in a multi-mount map entry were recognized as a syntax error and autofs refused to perform mounts when the duplicate entries occurred. Now, autofs has been changed to continue mounting the last seen instance of the duplicate entry rather than fail, and to report the problem in the log files to alert the system administrator. (BZ#1124083) * The autofs program did not recognize the yp map type in the master map. This was caused by another change in the master map parser to fix a problem with detecting the map format associated with mapping the type in the master map. The change led to an incorrect length for the type comparison of yp maps that resulted in a match operation failure. This bug has been fixed by correcting the length which is used for the comparison. (BZ#1153130) * The autofs program did not update the export list of the Sun-format maps of the network shares exported from an NFS server. This happened due to a change of the Sun-format map parser leading to the hosts map update to stop working on the map re-read operation. The bug has been now fixed by selectively preventing this type of update only for the Sun-formatted maps. The updates of the export list on the Sun-format maps are now visible and refreshing of the export list is no longer supported for the Sun-formatted hosts map. (BZ#1156387) * Within changes made for adding of the Sun-format maps, an incorrect check was added that caused a segmentation fault in the Sun-format map parser in certain circumstances. This has been now fixed by analyzing the intent of the incorrect check and changing it in order to properly identify the conditions without causing a fault. (BZ#1175671) * A bug in the autofs program map lookup module caused an incorrect map format type comparison. The incorrect comparison affected the Sun-format program maps where it led to the unused macro definitions. The bug in the comparison has been fixed so that the macro definitions are not present for the Sun-format program maps. (BZ#1201195) Users of autofs are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated autofs packages that fix one security issue and several bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The autofs utility controls the operation of the automount daemon. The \ndaemon automatically mounts file systems when in use and unmounts them when \nthey are not busy.\n\nIt was found that program-based automounter maps that used interpreted\nlanguages such as Python would use standard environment variables to locate\nand load modules of those languages. A local attacker could potentially use\nthis flaw to escalate their privileges on the system. (CVE-2014-8169)\n\nNote: This issue has been fixed by adding the \"AUTOFS_\" prefix to the\naffected environment variables so that they are not used to subvert the\nsystem. A configuration option (\"force_standard_program_map_env\") to\noverride this prefix and to use the environment variables without the\nprefix has been added. In addition, warnings have been added to the manual\npage and to the installed configuration file. Now, by default the standard\nvariables of the program map are provided only with the prefix added to\nits name.\n\nRed Hat would like to thank the Georgia Institute of Technology for\nreporting this issue.\n\nBug fixes:\n\n* If the \"ls *\" command was executed before a valid mount, the autofs\nprogram failed on further mount attempts inside the mount point, whether\nthe mount point was valid or not. While attempting to mount, the \"ls *\"\ncommand of the root directory of an indirect mount was executed, which\nled to an attempt to mount \"*\", causing it to be added to the negative\nmap entry cache. This bug has been fixed by checking for and not adding\n\"*\" while updating the negative map entry cache. (BZ#1163957)\n\n* The autofs program by design did not mount host map entries that were\nduplicate exports in an NFS server export list. The duplicate entries in a\nmulti-mount map entry were recognized as a syntax error and autofs refused\nto perform mounts when the duplicate entries occurred. Now, autofs has been\nchanged to continue mounting the last seen instance of the duplicate entry\nrather than fail, and to report the problem in the log files to alert the\nsystem administrator. (BZ#1124083)\n\n* The autofs program did not recognize the yp map type in the master map.\nThis was caused by another change in the master map parser to fix a problem\nwith detecting the map format associated with mapping the type in the\nmaster map. The change led to an incorrect length for the type comparison\nof yp maps that resulted in a match operation failure. This bug has been\nfixed by correcting the length which is used for the comparison.\n(BZ#1153130)\n\n* The autofs program did not update the export list of the Sun-format maps\nof the network shares exported from an NFS server. This happened due to a\nchange of the Sun-format map parser leading to the hosts map update to stop\nworking on the map re-read operation. The bug has been now fixed by\nselectively preventing this type of update only for the Sun-formatted maps.\nThe updates of the export list on the Sun-format maps are now visible and\nrefreshing of the export list is no longer supported for the Sun-formatted\nhosts map. (BZ#1156387)\n\n* Within changes made for adding of the Sun-format maps, an incorrect check \nwas added that caused a segmentation fault in the Sun-format map parser in \ncertain circumstances. This has been now fixed by analyzing the intent of \nthe incorrect check and changing it in order to properly identify the \nconditions without causing a fault. (BZ#1175671)\n\n* A bug in the autofs program map lookup module caused an incorrect map\nformat type comparison. The incorrect comparison affected the Sun-format\nprogram maps where it led to the unused macro definitions. The bug in the\ncomparison has been fixed so that the macro definitions are not present for\nthe Sun-format program maps. (BZ#1201195)\n\nUsers of autofs are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1344",
        "url": "https://access.redhat.com/errata/RHSA-2015:1344"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1153130",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1153130"
      },
      {
        "category": "external",
        "summary": "1163957",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163957"
      },
      {
        "category": "external",
        "summary": "1175671",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175671"
      },
      {
        "category": "external",
        "summary": "1192565",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192565"
      },
      {
        "category": "external",
        "summary": "1201195",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201195"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1344.json"
      }
    ],
    "title": "Red Hat Security Advisory: autofs security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T08:54:48+00:00",
      "generator": {
        "date": "2024-11-22T08:54:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2015:1344",
      "initial_release_date": "2015-07-20T13:59:56+00:00",
      "revision_history": [
        {
          "date": "2015-07-20T13:59:56+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-07-20T13:59:56+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T08:54:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                  "product_id": "6Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux HPC Node (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux HPC Node (v. 6)",
                  "product_id": "6ComputeNode",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "autofs-debuginfo-1:5.0.5-113.el6.s390x",
                "product": {
                  "name": "autofs-debuginfo-1:5.0.5-113.el6.s390x",
                  "product_id": "autofs-debuginfo-1:5.0.5-113.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs-debuginfo@5.0.5-113.el6?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "autofs-1:5.0.5-113.el6.s390x",
                "product": {
                  "name": "autofs-1:5.0.5-113.el6.s390x",
                  "product_id": "autofs-1:5.0.5-113.el6.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs@5.0.5-113.el6?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "autofs-debuginfo-1:5.0.5-113.el6.ppc64",
                "product": {
                  "name": "autofs-debuginfo-1:5.0.5-113.el6.ppc64",
                  "product_id": "autofs-debuginfo-1:5.0.5-113.el6.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs-debuginfo@5.0.5-113.el6?arch=ppc64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "autofs-1:5.0.5-113.el6.ppc64",
                "product": {
                  "name": "autofs-1:5.0.5-113.el6.ppc64",
                  "product_id": "autofs-1:5.0.5-113.el6.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs@5.0.5-113.el6?arch=ppc64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "autofs-debuginfo-1:5.0.5-113.el6.x86_64",
                "product": {
                  "name": "autofs-debuginfo-1:5.0.5-113.el6.x86_64",
                  "product_id": "autofs-debuginfo-1:5.0.5-113.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs-debuginfo@5.0.5-113.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "autofs-1:5.0.5-113.el6.x86_64",
                "product": {
                  "name": "autofs-1:5.0.5-113.el6.x86_64",
                  "product_id": "autofs-1:5.0.5-113.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs@5.0.5-113.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "autofs-debuginfo-1:5.0.5-113.el6.i686",
                "product": {
                  "name": "autofs-debuginfo-1:5.0.5-113.el6.i686",
                  "product_id": "autofs-debuginfo-1:5.0.5-113.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs-debuginfo@5.0.5-113.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "autofs-1:5.0.5-113.el6.i686",
                "product": {
                  "name": "autofs-1:5.0.5-113.el6.i686",
                  "product_id": "autofs-1:5.0.5-113.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs@5.0.5-113.el6?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "autofs-1:5.0.5-113.el6.src",
                "product": {
                  "name": "autofs-1:5.0.5-113.el6.src",
                  "product_id": "autofs-1:5.0.5-113.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/autofs@5.0.5-113.el6?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-1:5.0.5-113.el6.i686"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.i686",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-1:5.0.5-113.el6.ppc64"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.ppc64",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-1:5.0.5-113.el6.s390x"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.s390x",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-1:5.0.5-113.el6.src"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.src",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-1:5.0.5-113.el6.x86_64"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.x86_64",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-debuginfo-1:5.0.5-113.el6.i686"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.i686",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-debuginfo-1:5.0.5-113.el6.ppc64"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.ppc64",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-debuginfo-1:5.0.5-113.el6.s390x"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.s390x",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client:autofs-debuginfo-1:5.0.5-113.el6.x86_64"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.x86_64",
        "relates_to_product_reference": "6Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-1:5.0.5-113.el6.i686"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.i686",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-1:5.0.5-113.el6.ppc64"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.ppc64",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-1:5.0.5-113.el6.s390x"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.s390x",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-1:5.0.5-113.el6.src"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.src",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-1:5.0.5-113.el6.x86_64"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.x86_64",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.i686"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.i686",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.ppc64"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.ppc64",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.s390x"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.s390x",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.x86_64"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.x86_64",
        "relates_to_product_reference": "6ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-1:5.0.5-113.el6.i686"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.i686",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-1:5.0.5-113.el6.ppc64"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.ppc64",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-1:5.0.5-113.el6.s390x"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.s390x",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-1:5.0.5-113.el6.src"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.src",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-1:5.0.5-113.el6.x86_64"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.x86_64",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-debuginfo-1:5.0.5-113.el6.i686"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.i686",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-debuginfo-1:5.0.5-113.el6.ppc64"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.ppc64",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-debuginfo-1:5.0.5-113.el6.s390x"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.s390x",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server:autofs-debuginfo-1:5.0.5-113.el6.x86_64"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.x86_64",
        "relates_to_product_reference": "6Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-1:5.0.5-113.el6.i686"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.i686",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-1:5.0.5-113.el6.ppc64"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.ppc64",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-1:5.0.5-113.el6.s390x"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.s390x",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-1:5.0.5-113.el6.src"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.src",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-1:5.0.5-113.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-1:5.0.5-113.el6.x86_64"
        },
        "product_reference": "autofs-1:5.0.5-113.el6.x86_64",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.i686"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.i686",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.ppc64"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.ppc64",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.s390x"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.s390x",
        "relates_to_product_reference": "6Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "autofs-debuginfo-1:5.0.5-113.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.x86_64"
        },
        "product_reference": "autofs-debuginfo-1:5.0.5-113.el6.x86_64",
        "relates_to_product_reference": "6Workstation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Georgia Institute"
          ],
          "organization": "Technology"
        }
      ],
      "cve": "CVE-2014-8169",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "discovery_date": "2014-11-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1192565"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "autofs: priv escalation via interpreter load path for program based automount maps",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the version of autofs package as shipped with Red Hat Enterprise Linux 5.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client:autofs-1:5.0.5-113.el6.i686",
          "6Client:autofs-1:5.0.5-113.el6.ppc64",
          "6Client:autofs-1:5.0.5-113.el6.s390x",
          "6Client:autofs-1:5.0.5-113.el6.src",
          "6Client:autofs-1:5.0.5-113.el6.x86_64",
          "6Client:autofs-debuginfo-1:5.0.5-113.el6.i686",
          "6Client:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
          "6Client:autofs-debuginfo-1:5.0.5-113.el6.s390x",
          "6Client:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
          "6ComputeNode:autofs-1:5.0.5-113.el6.i686",
          "6ComputeNode:autofs-1:5.0.5-113.el6.ppc64",
          "6ComputeNode:autofs-1:5.0.5-113.el6.s390x",
          "6ComputeNode:autofs-1:5.0.5-113.el6.src",
          "6ComputeNode:autofs-1:5.0.5-113.el6.x86_64",
          "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.i686",
          "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
          "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.s390x",
          "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
          "6Server:autofs-1:5.0.5-113.el6.i686",
          "6Server:autofs-1:5.0.5-113.el6.ppc64",
          "6Server:autofs-1:5.0.5-113.el6.s390x",
          "6Server:autofs-1:5.0.5-113.el6.src",
          "6Server:autofs-1:5.0.5-113.el6.x86_64",
          "6Server:autofs-debuginfo-1:5.0.5-113.el6.i686",
          "6Server:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
          "6Server:autofs-debuginfo-1:5.0.5-113.el6.s390x",
          "6Server:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
          "6Workstation:autofs-1:5.0.5-113.el6.i686",
          "6Workstation:autofs-1:5.0.5-113.el6.ppc64",
          "6Workstation:autofs-1:5.0.5-113.el6.s390x",
          "6Workstation:autofs-1:5.0.5-113.el6.src",
          "6Workstation:autofs-1:5.0.5-113.el6.x86_64",
          "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.i686",
          "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
          "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.s390x",
          "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-8169"
        },
        {
          "category": "external",
          "summary": "RHBZ#1192565",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192565"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-8169",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-8169"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8169",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8169"
        }
      ],
      "release_date": "2015-03-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-07-20T13:59:56+00:00",
          "details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client:autofs-1:5.0.5-113.el6.i686",
            "6Client:autofs-1:5.0.5-113.el6.ppc64",
            "6Client:autofs-1:5.0.5-113.el6.s390x",
            "6Client:autofs-1:5.0.5-113.el6.src",
            "6Client:autofs-1:5.0.5-113.el6.x86_64",
            "6Client:autofs-debuginfo-1:5.0.5-113.el6.i686",
            "6Client:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
            "6Client:autofs-debuginfo-1:5.0.5-113.el6.s390x",
            "6Client:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
            "6ComputeNode:autofs-1:5.0.5-113.el6.i686",
            "6ComputeNode:autofs-1:5.0.5-113.el6.ppc64",
            "6ComputeNode:autofs-1:5.0.5-113.el6.s390x",
            "6ComputeNode:autofs-1:5.0.5-113.el6.src",
            "6ComputeNode:autofs-1:5.0.5-113.el6.x86_64",
            "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.i686",
            "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
            "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.s390x",
            "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
            "6Server:autofs-1:5.0.5-113.el6.i686",
            "6Server:autofs-1:5.0.5-113.el6.ppc64",
            "6Server:autofs-1:5.0.5-113.el6.s390x",
            "6Server:autofs-1:5.0.5-113.el6.src",
            "6Server:autofs-1:5.0.5-113.el6.x86_64",
            "6Server:autofs-debuginfo-1:5.0.5-113.el6.i686",
            "6Server:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
            "6Server:autofs-debuginfo-1:5.0.5-113.el6.s390x",
            "6Server:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
            "6Workstation:autofs-1:5.0.5-113.el6.i686",
            "6Workstation:autofs-1:5.0.5-113.el6.ppc64",
            "6Workstation:autofs-1:5.0.5-113.el6.s390x",
            "6Workstation:autofs-1:5.0.5-113.el6.src",
            "6Workstation:autofs-1:5.0.5-113.el6.x86_64",
            "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.i686",
            "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
            "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.s390x",
            "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1344"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client:autofs-1:5.0.5-113.el6.i686",
            "6Client:autofs-1:5.0.5-113.el6.ppc64",
            "6Client:autofs-1:5.0.5-113.el6.s390x",
            "6Client:autofs-1:5.0.5-113.el6.src",
            "6Client:autofs-1:5.0.5-113.el6.x86_64",
            "6Client:autofs-debuginfo-1:5.0.5-113.el6.i686",
            "6Client:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
            "6Client:autofs-debuginfo-1:5.0.5-113.el6.s390x",
            "6Client:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
            "6ComputeNode:autofs-1:5.0.5-113.el6.i686",
            "6ComputeNode:autofs-1:5.0.5-113.el6.ppc64",
            "6ComputeNode:autofs-1:5.0.5-113.el6.s390x",
            "6ComputeNode:autofs-1:5.0.5-113.el6.src",
            "6ComputeNode:autofs-1:5.0.5-113.el6.x86_64",
            "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.i686",
            "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
            "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.s390x",
            "6ComputeNode:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
            "6Server:autofs-1:5.0.5-113.el6.i686",
            "6Server:autofs-1:5.0.5-113.el6.ppc64",
            "6Server:autofs-1:5.0.5-113.el6.s390x",
            "6Server:autofs-1:5.0.5-113.el6.src",
            "6Server:autofs-1:5.0.5-113.el6.x86_64",
            "6Server:autofs-debuginfo-1:5.0.5-113.el6.i686",
            "6Server:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
            "6Server:autofs-debuginfo-1:5.0.5-113.el6.s390x",
            "6Server:autofs-debuginfo-1:5.0.5-113.el6.x86_64",
            "6Workstation:autofs-1:5.0.5-113.el6.i686",
            "6Workstation:autofs-1:5.0.5-113.el6.ppc64",
            "6Workstation:autofs-1:5.0.5-113.el6.s390x",
            "6Workstation:autofs-1:5.0.5-113.el6.src",
            "6Workstation:autofs-1:5.0.5-113.el6.x86_64",
            "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.i686",
            "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.ppc64",
            "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.s390x",
            "6Workstation:autofs-debuginfo-1:5.0.5-113.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "autofs: priv escalation via interpreter load path for program based automount maps"
    }
  ]
}

cve-2014-8169

Vulnerability from cvelistv5

Published

2015-03-18 16:00

Modified

2024-08-06 13:10

Severity ?

Summary

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

References

▼	URL	Tags
	http://www.ubuntu.com/usn/USN-2579-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-1344.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1192565	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/73211	vdb-entry, x_refsource_BID
	https://bugzilla.suse.com/show_bug.cgi?id=917977	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:51.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2579-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2579-1"
          },
          {
            "name": "RHSA-2015:1344",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1344.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192565"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2015:0475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html"
          },
          {
            "name": "73211",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73211"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=917977"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user\u0027s USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2579-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2579-1"
        },
        {
          "name": "RHSA-2015:1344",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1344.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192565"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2015:0475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html"
        },
        {
          "name": "73211",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73211"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=917977"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8169",
    "datePublished": "2015-03-18T16:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:51.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted