CVE-2012-0787

Published: 23/11/2013 Updated: 22/04/2019
CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9
VMScore: 329
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

The clone_file function in transfer.c in Augeas prior to 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.

Vulnerable Product

redhat enterprise linux 6.0

augeas augeas 0.0.7

augeas augeas 0.0.8

augeas augeas 0.1.0

augeas augeas 0.1.1

augeas augeas 0.4.2

augeas augeas 0.5.0

augeas augeas 0.5.1

augeas augeas 0.5.2

augeas augeas 0.5.3

augeas augeas 0.0.2

augeas augeas 0.0.4

augeas augeas 0.0.6

augeas augeas 0.2.0

augeas augeas 0.2.2

augeas augeas 0.3.6

augeas augeas 0.4.1

augeas augeas 0.7.0

augeas augeas 0.7.2

augeas augeas 0.9.0

augeas augeas 0.0.3

augeas augeas 0.0.5

augeas augeas 0.2.1

augeas augeas 0.3.0

augeas augeas 0.3.5

augeas augeas 0.4.0

augeas augeas 0.6.0

augeas augeas 0.7.1

augeas augeas

augeas augeas 0.0.1

augeas augeas 0.3.1

augeas augeas 0.3.2

augeas augeas 0.3.3

augeas augeas 0.3.4

augeas augeas 0.7.3

augeas augeas 0.7.4

augeas augeas 0.8.0

augeas augeas 0.8.1

Vendor Advisories

Synopsis: Low: augeas security, bug fix, and enhancement update. Type/Severity: Security Advisory: Low. Topic: Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update ...
Debian Bug report logs - #731132 augeas: CVE-2012-0786, CVE-2012-0787 Package: augeas; Maintainer for augeas is Hilko Bengen <bengen@debian.org>; Reported by: Raphael Geissert <geissert@debian.org> Date: Mon, 2 Dec 2013 11:09:01 UTC Severity: important Tags: patch, security Fixed in version augeas/072-1+deb6u1 D ...
Debian Bug report logs - #731111 augeas: CVE-2013-6412 Package: augeas; Maintainer for augeas is Hilko Bengen <bengen@debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Mon, 2 Dec 2013 08:54:02 UTC Severity: important Tags: patch, security Fixed in version augeas/072-1+deb6u1 Done: Raphael Geiss ...
Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into ...