CVE-2012-0787

🗓️ 23 Nov 2013 18:00:00Reported by Debian Security Bug TrackerType

debiancve🔗 security-tracker.debian.org👁 25 Views

The clone_file function in transfer.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount

Reporter	Title	Published	Views	Family All 36
Amazon	Low: augeas	2 Dec 201300:00	–	amazon
Tenable Nessus	Amazon Linux AMI : augeas (ALAS-2013-250)	10 Dec 201300:00	–	nessus
Tenable Nessus	CentOS 6 : augeas (CESA-2013:1537)	12 Nov 201400:00	–	nessus
Tenable Nessus	Debian DLA-28-1 : augeas security update	26 Mar 201500:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : augeas (MDVSA-2014:022)	27 Jan 201400:00	–	nessus
Tenable Nessus	MiracleLinux 4 : augeas-1.0.0-5.AXS4.1 (AXSA:2014-034:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 6 : augeas (ELSA-2013-1537)	27 Nov 201300:00	–	nessus
Tenable Nessus	RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)	8 Nov 201400:00	–	nessus
Tenable Nessus	RHEL 6 : augeas (RHSA-2013:1537)	21 Nov 201300:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : augeas on SL6.x i386/x86_64 (20131121)	4 Dec 201300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Debian	11	any	augeas	1.0.0-1	augeas_1.0.0-1_any.deb
Debian	12	any	augeas	1.0.0-1	augeas_1.0.0-1_any.deb
Debian	13	any	augeas	1.0.0-1	augeas_1.0.0-1_any.deb
Debian	14	any	augeas	1.0.0-1	augeas_1.0.0-1_any.deb
Debian	999	any	augeas	1.0.0-1	augeas_1.0.0-1_any.deb

23 Nov 2013 18:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 23.7

EPSS0.00413