Lucene search

K

[email protected]NVD:CVE-2012-0787

HistoryNov 23, 2013 - 6:55 p.m.

CVE-2012-0787

2013-11-2318:55:04

[email protected]

web.nvd.nist.gov

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch6.0

Node

augeasaugeasRange≤0.10.0

OR

augeasaugeasMatch0.0.1

OR

augeasaugeasMatch0.0.2

OR

augeasaugeasMatch0.0.3

OR

augeasaugeasMatch0.0.4

OR

augeasaugeasMatch0.0.5

OR

augeasaugeasMatch0.0.6

OR

augeasaugeasMatch0.0.7

OR

augeasaugeasMatch0.0.8

OR

augeasaugeasMatch0.1.0

OR

augeasaugeasMatch0.1.1

OR

augeasaugeasMatch0.2.0

OR

augeasaugeasMatch0.2.1

OR

augeasaugeasMatch0.2.2

OR

augeasaugeasMatch0.3.0

OR

augeasaugeasMatch0.3.1

OR

augeasaugeasMatch0.3.2

OR

augeasaugeasMatch0.3.3

OR

augeasaugeasMatch0.3.4

OR

augeasaugeasMatch0.3.5

OR

augeasaugeasMatch0.3.6

OR

augeasaugeasMatch0.4.0

OR

augeasaugeasMatch0.4.1

OR

augeasaugeasMatch0.4.2

OR

augeasaugeasMatch0.5.0

OR

augeasaugeasMatch0.5.1

OR

augeasaugeasMatch0.5.2

OR

augeasaugeasMatch0.5.3

OR

augeasaugeasMatch0.6.0

OR

augeasaugeasMatch0.7.0

OR

augeasaugeasMatch0.7.1

OR

augeasaugeasMatch0.7.2

OR

augeasaugeasMatch0.7.3

OR

augeasaugeasMatch0.7.4

OR

augeasaugeasMatch0.8.0

OR

augeasaugeasMatch0.8.1

OR

augeasaugeasMatch0.9.0

References

augeas.net/news.html

rhn.redhat.com/errata/RHSA-2013-1537.html

secunia.com/advisories/55811

bugzilla.redhat.com/show_bug.cgi?id=772261

github.com/hercules-team/augeas/commit/b8de6a8c

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2012-0787

cvelist1 debiancve1 ubuntucve1 cve1 prion1 openvas6 redhat2 oraclelinux1 nessus8 centos1 veracode1 amazon1 debian1 securityvulns2 osv1 mageia1