Lucene search

MitreCVE-2012-6607

HistoryNov 23, 2013 - 6:55 p.m.

CVE-2012-6607

2013-11-2318:55:04

CWE-22

mitre

web.nvd.nist.gov

cve-2012-6607

augeas

transform_save function

symlink attack

sensitive information

security vulnerability

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.

Affected configurations

Nvd

Node

augeasaugeasRange≤0.10.0

augeasaugeasMatch0.0.1

augeasaugeasMatch0.0.2

augeasaugeasMatch0.0.3

augeasaugeasMatch0.0.4

augeasaugeasMatch0.0.5

augeasaugeasMatch0.0.6

augeasaugeasMatch0.0.7

augeasaugeasMatch0.0.8

augeasaugeasMatch0.1.0

augeasaugeasMatch0.1.1

augeasaugeasMatch0.2.0

augeasaugeasMatch0.2.1

augeasaugeasMatch0.2.2

augeasaugeasMatch0.3.0

augeasaugeasMatch0.3.1

augeasaugeasMatch0.3.2

augeasaugeasMatch0.3.3

augeasaugeasMatch0.3.4

augeasaugeasMatch0.3.5

augeasaugeasMatch0.3.6

augeasaugeasMatch0.4.0

augeasaugeasMatch0.4.1

augeasaugeasMatch0.4.2

augeasaugeasMatch0.5.0

augeasaugeasMatch0.5.1

augeasaugeasMatch0.5.2

augeasaugeasMatch0.5.3

augeasaugeasMatch0.6.0

augeasaugeasMatch0.7.0

augeasaugeasMatch0.7.1

augeasaugeasMatch0.7.2

augeasaugeasMatch0.7.3

augeasaugeasMatch0.7.4

augeasaugeasMatch0.8.0

augeasaugeasMatch0.8.1

augeasaugeasMatch0.9.0

VendorProductVersionCPE
augeasaugeas*cpe:2.3:a:augeas:augeas:*:*:*:*:*:*:*:*
augeasaugeas0.0.1cpe:2.3:a:augeas:augeas:0.0.1:*:*:*:*:*:*:*
augeasaugeas0.0.2cpe:2.3:a:augeas:augeas:0.0.2:*:*:*:*:*:*:*
augeasaugeas0.0.3cpe:2.3:a:augeas:augeas:0.0.3:*:*:*:*:*:*:*
augeasaugeas0.0.4cpe:2.3:a:augeas:augeas:0.0.4:*:*:*:*:*:*:*
augeasaugeas0.0.5cpe:2.3:a:augeas:augeas:0.0.5:*:*:*:*:*:*:*
augeasaugeas0.0.6cpe:2.3:a:augeas:augeas:0.0.6:*:*:*:*:*:*:*
augeasaugeas0.0.7cpe:2.3:a:augeas:augeas:0.0.7:*:*:*:*:*:*:*
augeasaugeas0.0.8cpe:2.3:a:augeas:augeas:0.0.8:*:*:*:*:*:*:*
augeasaugeas0.1.0cpe:2.3:a:augeas:augeas:0.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
augeas	augeas	*	cpe:2.3:a:augeas:augeas::::::::
augeas	augeas	0.0.1	cpe:2.3:a:augeas:augeas:0.0.1:::::::*
augeas	augeas	0.0.2	cpe:2.3:a:augeas:augeas:0.0.2:::::::*
augeas	augeas	0.0.3	cpe:2.3:a:augeas:augeas:0.0.3:::::::*
augeas	augeas	0.0.4	cpe:2.3:a:augeas:augeas:0.0.4:::::::*
augeas	augeas	0.0.5	cpe:2.3:a:augeas:augeas:0.0.5:::::::*
augeas	augeas	0.0.6	cpe:2.3:a:augeas:augeas:0.0.6:::::::*
augeas	augeas	0.0.7	cpe:2.3:a:augeas:augeas:0.0.7:::::::*
augeas	augeas	0.0.8	cpe:2.3:a:augeas:augeas:0.0.8:::::::*
augeas	augeas	0.1.0	cpe:2.3:a:augeas:augeas:0.1.0:::::::*