3.3
CVSSv2

CVE-2012-0786

Published: 23/11/2013 Updated: 24/01/2014
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The transform_save function in transform.c in Augeas prior to 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.

Affected Products

Vendor Product Versions
AugeasAugeas0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.8.0, 0.8.1, 0.9.0, 0.10.0

Vendor Advisories

Synopsis Low: augeas security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic Updated augeas packages that fix two security issues, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update ...
Debian Bug report logs - #731132 augeas: CVE-2012-0786, CVE-2012-0787 Package: augeas; Maintainer for augeas is Hilko Bengen <bengen@debianorg>; Reported by: Raphael Geissert <geissert@debianorg> Date: Mon, 2 Dec 2013 11:09:01 UTC Severity: important Tags: patch, security Fixed in version augeas/072-1+deb6u1 D ...
Debian Bug report logs - #731111 augeas: CVE-2013-6412 Package: augeas; Maintainer for augeas is Hilko Bengen <bengen@debianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 2 Dec 2013 08:54:02 UTC Severity: important Tags: patch, security Fixed in version augeas/072-1+deb6u1 Done: Raphael Geiss ...
Multiple flaws were found in the way Augeas handled configuration files when updating them An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into ...