Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2013-250
HistoryDec 02, 2013 - 8:28 p.m.

Low: augeas

2013-12-0220:28:00
alas.aws.amazon.com
9

0.0004 Low

EPSS

Percentile

5.2%

JSON

Issue Overview:

Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)

Affected Packages:

augeas

Issue Correction:
Run yum update augeas to update your system.

New Packages:

i686:  
    augeas-libs-1.0.0-5.5.amzn1.i686  
    augeas-debuginfo-1.0.0-5.5.amzn1.i686  
    augeas-1.0.0-5.5.amzn1.i686  
    augeas-devel-1.0.0-5.5.amzn1.i686  
  
src:  
    augeas-1.0.0-5.5.amzn1.src  
  
x86_64:  
    augeas-devel-1.0.0-5.5.amzn1.x86_64  
    augeas-1.0.0-5.5.amzn1.x86_64  
    augeas-debuginfo-1.0.0-5.5.amzn1.x86_64  
    augeas-libs-1.0.0-5.5.amzn1.x86_64

Additional References

Red Hat: CVE-2012-0786, CVE-2012-0787

Mitre: CVE-2012-0786, CVE-2012-0787

Related

openvas 7
redhat 2
oraclelinux 1
nessus 9
centos 1
veracode 2
debian 1
securityvulns 2
osv 1
mageia 1
cve 3
debiancve 3
cvelist 3
prion 3
ubuntucve 4
openvas
openvas
RedHat Update for augeas RHSA-2013:1537-02
2013-11-21 00:00:00
RedHat Update for augeas RHSA-2013:1537-02
2013-11-21 00:00:00
Oracle: Security Advisory (ELSA-2013-1537)
2015-10-06 00:00:00
redhat
redhat
(RHSA-2013:1537) Low: augeas security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update
2013-11-21 00:00:00
oraclelinux
oraclelinux
augeas security, bug fix, and enhancement update
2013-11-25 00:00:00
nessus
nessus
Amazon Linux AMI : augeas (ALAS-2013-250)
2013-12-10 00:00:00
Scientific Linux Security Update : augeas on SL6.x i386/x86_64 (20131121)
2013-12-04 00:00:00
Oracle Linux 6 : augeas (ELSA-2013-1537)
2013-11-27 00:00:00
centos
centos
augeas security update
2013-11-26 13:31:08
veracode
veracode
Sensitive Information Disclosure
2019-05-02 04:58:48
Symlink Attack
2019-01-15 09:01:38
debian
debian
[DLA 28-1] augeas security update
2014-08-01 11:26:44
securityvulns
securityvulns
Augeas multiple security vulnerabilities
2014-01-29 00:00:00
[ MDVSA-2014:022 ] augeas
2014-01-29 00:00:00
osv
osv
augeas - security update
2014-08-01 00:00:00
mageia
mageia
Updated augeas package fixes security vulnerabilities
2014-02-12 21:10:49
cve
cve
CVE-2012-0786
2013-11-23 18:55:00
CVE-2012-0787
2013-11-23 18:55:00
CVE-2012-6607
2013-11-23 18:55:00
debiancve
debiancve
CVE-2012-0786
2013-11-23 18:55:00
CVE-2012-0787
2013-11-23 18:55:00
CVE-2012-6607
2013-11-23 18:55:00
cvelist
cvelist
CVE-2012-0787
2013-11-23 18:00:00
CVE-2012-0786
2013-11-23 18:00:00
CVE-2012-6607
2013-11-23 18:00:00
prion
prion
Design/Logic Flaw
2013-11-23 18:55:00
Information disclosure
2013-11-23 18:55:00
Design/Logic Flaw
2013-11-23 18:55:00
ubuntucve
ubuntucve
CVE-2012-0787
2013-11-23 00:00:00
CVE-2012-0786
2013-11-23 00:00:00
CVE-2012-6607
2013-11-23 00:00:00

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for ALAS-2013-250
openvas7redhat2oraclelinux1nessus9centos1veracode2debian1securityvulns2osv1mageia1cve3debiancve3cvelist3prion3ubuntucve4