augeas is vulnerable to world writable permissions. The vulnerability exists as the transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a “7,” which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
augeas | eq | 0.9.0__4.el6 | |
augeas | eq | 0.7.2__6.el6 | |
augeas | eq | 0.9.0__1.el6 | |
augeas | eq | 0.7.2__3.el6 |