Bug 1192565 (CVE-2014-8169) - CVE-2014-8169 autofs: priv escalation via interpreter load path for program based automount maps
Summary: CVE-2014-8169 autofs: priv escalation via interpreter load path for program b...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-8169
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1160446 1162041 1197971
Blocks: 1192566 1193283 1210268
TreeView+ depends on / blocked
 
Reported: 2015-02-13 17:46 UTC by Kurt Seifried
Modified: 2021-02-17 05:38 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system.
Clone Of:
Environment:
Last Closed: 2015-11-20 04:35:52 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1344 0 normal SHIPPED_LIVE Moderate: autofs security and bug fix update 2015-07-20 17:59:56 UTC
Red Hat Product Errata RHSA-2015:2417 0 normal SHIPPED_LIVE Moderate: autofs security, bug fix and enhancement update 2015-11-19 11:23:21 UTC

Description Kurt Seifried 2015-02-13 17:46:20 UTC
The Georgia Institute of Technology reports:

When a program map uses an interpreted languages like python it's
possible to load and execute arbitray code from a user home directory.
This is because the standard environment variables are used to locate
and load modules when using these languages.

To avoid that we need to add a prefix to these environment names so
they aren't used for this purpose. The prefix used is "AUTOFS_" and
is not configurable.

Comment 3 Ian Kent 2015-02-27 06:06:24 UTC
(In reply to Huzaifa S. Sidhpurwala from comment #2)
> 
> This issue affects the version of autofs as shipped with Red Hat Enterprise
> Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of
> the support and maintenance life cycle. This issue is not currently planned
> to be addressed in future updates. For additional information, refer to the
> Red Hat Enterprise Linux Life Cycle:
> https://access.redhat.com/support/policy/updates/errata/.

This is not so.
RHEL 5 is not affected by this issue.

Comment 5 Kurt Seifried 2015-03-02 19:17:24 UTC
Acknowledgement:


Red Hat would like to thank the Georgia Institute of Technology for reporting this issue.

Comment 8 Huzaifa S. Sidhpurwala 2015-03-25 05:06:31 UTC
Statement:

This issue does not affect the version of autofs package as shipped with Red Hat Enterprise Linux 5.

Comment 9 errata-xmlrpc 2015-07-22 06:51:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1344 https://rhn.redhat.com/errata/RHSA-2015-1344.html

Comment 13 errata-xmlrpc 2015-11-19 13:00:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2417 https://rhn.redhat.com/errata/RHSA-2015-2417.html


Note You need to log in before you can comment on or make changes to this bug.