{"id": "ALA_ALAS-2013-250.NASL", "bulletinFamily": "scanner", "title": "Amazon Linux AMI : augeas (ALAS-2013-250)", "description": "Multiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)", "published": "2013-12-10T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/71267", "reporter": "This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.", "references": ["https://alas.aws.amazon.com/ALAS-2013-250.html"], "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "type": "nessus", "lastseen": "2021-03-01T01:21:33", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0786", "CVE-2012-0787"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123524", "OPENVAS:1361412562310120545", "OPENVAS:1361412562310871079", "OPENVAS:871079"]}, {"type": "centos", "idList": ["CESA-2013:1537"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1537"]}, {"type": "redhat", "idList": ["RHSA-2013:1527", "RHSA-2013:1537"]}, {"type": "amazon", "idList": ["ALAS-2013-250"]}, {"type": "nessus", "idList": ["SL_20131121_AUGEAS_ON_SL6_X.NASL", "REDHAT-RHSA-2013-1527.NASL", "SUSE_11_AUGEAS-140730.NASL", "CENTOS_RHSA-2013-1537.NASL", "DEBIAN_DLA-28.NASL", "REDHAT-RHSA-2013-1537.NASL", "ORACLELINUX_ELSA-2013-1537.NASL", "MANDRIVA_MDVSA-2014-022.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30258", "SECURITYVULNS:VULN:13538"]}, {"type": "debian", "idList": ["DEBIAN:DLA-28-1:4A4C5"]}], "modified": "2021-03-01T01:21:33", "rev": 2}, "score": {"value": 4.3, "vector": "NONE", "modified": "2021-03-01T01:21:33", "rev": 2}, "vulnersScore": 4.3}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-250.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71267);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\");\n script_xref(name:\"ALAS\", value:\"2013-250\");\n script_xref(name:\"RHSA\", value:\"2013:1537\");\n\n script_name(english:\"Amazon Linux AMI : augeas (ALAS-2013-250)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-250.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update augeas' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:augeas-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"augeas-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-debuginfo-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-devel-1.0.0-5.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"augeas-libs-1.0.0-5.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"augeas / augeas-debuginfo / augeas-devel / augeas-libs\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "71267", "cpe": ["p-cpe:/a:amazon:linux:augeas-devel", "p-cpe:/a:amazon:linux:augeas-debuginfo", "p-cpe:/a:amazon:linux:augeas", "p-cpe:/a:amazon:linux:augeas-libs", "cpe:/o:amazon:linux"], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T05:59:46", "description": "The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.", "edition": 6, "cvss3": {}, "published": "2013-11-23T18:55:00", "title": "CVE-2012-0786", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0786"], "modified": "2014-01-24T04:24:00", "cpe": ["cpe:/a:augeas:augeas:0.0.2", "cpe:/a:augeas:augeas:0.0.3", "cpe:/a:augeas:augeas:0.9.0", "cpe:/a:augeas:augeas:0.3.6", "cpe:/a:augeas:augeas:0.5.2", "cpe:/a:augeas:augeas:0.2.1", "cpe:/a:augeas:augeas:0.7.2", "cpe:/a:augeas:augeas:0.3.2", "cpe:/a:augeas:augeas:0.2.2", "cpe:/a:augeas:augeas:0.0.4", "cpe:/a:augeas:augeas:0.0.8", "cpe:/a:augeas:augeas:0.2.0", "cpe:/a:augeas:augeas:0.7.1", "cpe:/a:augeas:augeas:0.7.4", "cpe:/a:augeas:augeas:0.7.3", "cpe:/a:augeas:augeas:0.8.1", "cpe:/a:augeas:augeas:0.7.0", "cpe:/a:augeas:augeas:0.4.1", "cpe:/a:augeas:augeas:0.8.0", "cpe:/a:augeas:augeas:0.1.0", "cpe:/a:augeas:augeas:0.5.0", "cpe:/a:augeas:augeas:0.6.0", "cpe:/a:augeas:augeas:0.0.6", "cpe:/a:augeas:augeas:0.3.5", "cpe:/a:augeas:augeas:0.0.5", "cpe:/a:augeas:augeas:0.3.3", "cpe:/a:augeas:augeas:0.0.7", "cpe:/a:augeas:augeas:0.4.2", "cpe:/a:augeas:augeas:0.3.1", "cpe:/a:augeas:augeas:0.5.1", "cpe:/a:augeas:augeas:0.3.4", "cpe:/a:augeas:augeas:0.1.1", "cpe:/a:augeas:augeas:0.5.3", "cpe:/a:augeas:augeas:0.4.0", "cpe:/a:augeas:augeas:0.0.1", "cpe:/a:augeas:augeas:0.10.0", "cpe:/a:augeas:augeas:0.3.0"], "id": "CVE-2012-0786", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0786", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:augeas:augeas:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:46", "description": "The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.", "edition": 6, "cvss3": {}, "published": "2013-11-23T18:55:00", "title": "CVE-2012-0787", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0787"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:augeas:augeas:0.0.2", "cpe:/a:augeas:augeas:0.0.3", "cpe:/a:augeas:augeas:0.9.0", "cpe:/a:augeas:augeas:0.3.6", "cpe:/a:augeas:augeas:0.5.2", "cpe:/a:augeas:augeas:0.2.1", "cpe:/a:augeas:augeas:0.7.2", "cpe:/a:augeas:augeas:0.3.2", "cpe:/a:augeas:augeas:0.2.2", "cpe:/a:augeas:augeas:0.0.4", "cpe:/a:augeas:augeas:0.0.8", "cpe:/a:augeas:augeas:0.2.0", "cpe:/a:augeas:augeas:0.7.1", "cpe:/a:augeas:augeas:0.7.4", "cpe:/a:augeas:augeas:0.7.3", "cpe:/a:augeas:augeas:0.8.1", "cpe:/a:augeas:augeas:0.7.0", "cpe:/a:augeas:augeas:0.4.1", "cpe:/a:augeas:augeas:0.8.0", "cpe:/a:augeas:augeas:0.1.0", "cpe:/a:augeas:augeas:0.5.0", "cpe:/a:augeas:augeas:0.6.0", "cpe:/a:augeas:augeas:0.0.6", "cpe:/a:augeas:augeas:0.3.5", "cpe:/a:augeas:augeas:0.0.5", "cpe:/a:augeas:augeas:0.3.3", "cpe:/a:augeas:augeas:0.0.7", "cpe:/a:augeas:augeas:0.4.2", "cpe:/a:augeas:augeas:0.3.1", "cpe:/a:augeas:augeas:0.5.1", "cpe:/a:augeas:augeas:0.3.4", "cpe:/a:augeas:augeas:0.1.1", "cpe:/a:augeas:augeas:0.5.3", "cpe:/a:augeas:augeas:0.4.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/a:augeas:augeas:0.0.1", "cpe:/a:augeas:augeas:0.10.0", "cpe:/a:augeas:augeas:0.3.0"], "id": "CVE-2012-0787", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0787", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:augeas:augeas:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:augeas:augeas:0.1.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-23T13:09:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "description": "Check for the Version of augeas", "modified": "2018-01-23T00:00:00", "published": "2013-11-21T00:00:00", "id": "OPENVAS:871079", "href": "http://plugins.openvas.org/nasl.php?oid=871079", "type": "openvas", "title": "RedHat Update for augeas RHSA-2013:1537-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for augeas RHSA-2013:1537-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871079);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-21 10:44:11 +0530 (Thu, 21 Nov 2013)\");\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for augeas RHSA-2013:1537-02\");\n\n tag_insight = \"Augeas is a utility for editing configuration. Augeas parses configuration\nfiles in their native formats and transforms them into a tree.\nConfiguration changes are made by manipulating this tree and saving it back\ninto native configuration files. Augeas also uses 'lenses' as basic\nbuilding blocks for establishing the mapping from files into the Augeas\ntree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files\nwhen updating them. An application using Augeas to update configuration\nfiles in a directory that is writable to by a different user (for example,\nan application running as root that is updating files in a directory owned\nby a non-root service user) could have been tricked into overwriting\narbitrary files or leaking information via a symbolic link or mount point\nattack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#817753)\n\nThis update also fixes the following bugs:\n\n* Previously, when single quotes were used in an XML attribute, Augeas was\nunable to parse the file with the XML lens. An upstream patch has been\nprovided ensuring that single quotes are handled as valid characters and\nparsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the 'require_ssl_reuse'\noption in the vsftpd.conf file. The updated patch fixes the vsftpd lens to\nproperly recognize this option, thus fixing this bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with spaces\naround '=' characters in option directives. The modprobe lens has been\nupdated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\";\n\n tag_affected = \"augeas on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1537-02\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00017.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of augeas\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"augeas-debuginfo\", rpm:\"augeas-debuginfo~1.0.0~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"augeas-libs\", rpm:\"augeas-libs~1.0.0~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:01:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120545", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120545", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-250)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120545\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:18 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-250)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787 )\");\n script_tag(name:\"solution\", value:\"Run yum update augeas to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-250.html\");\n script_cve_id(\"CVE-2012-0787\", \"CVE-2012-0786\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"augeas-libs\", rpm:\"augeas-libs~1.0.0~5.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"augeas-debuginfo\", rpm:\"augeas-debuginfo~1.0.0~5.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"augeas\", rpm:\"augeas~1.0.0~5.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"augeas-devel\", rpm:\"augeas-devel~1.0.0~5.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-11-21T00:00:00", "id": "OPENVAS:1361412562310871079", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871079", "type": "openvas", "title": "RedHat Update for augeas RHSA-2013:1537-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for augeas RHSA-2013:1537-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871079\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-21 10:44:11 +0530 (Thu, 21 Nov 2013)\");\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for augeas RHSA-2013:1537-02\");\n\n\n script_tag(name:\"affected\", value:\"augeas on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"Augeas is a utility for editing configuration. Augeas parses configuration\nfiles in their native formats and transforms them into a tree.\nConfiguration changes are made by manipulating this tree and saving it back\ninto native configuration files. Augeas also uses 'lenses' as basic\nbuilding blocks for establishing the mapping from files into the Augeas\ntree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files\nwhen updating them. An application using Augeas to update configuration\nfiles in a directory that is writable to by a different user (for example,\nan application running as root that is updating files in a directory owned\nby a non-root service user) could have been tricked into overwriting\narbitrary files or leaking information via a symbolic link or mount point\nattack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#817753)\n\nThis update also fixes the following bugs:\n\n * Previously, when single quotes were used in an XML attribute, Augeas was\nunable to parse the file with the XML lens. An upstream patch has been\nprovided ensuring that single quotes are handled as valid characters and\nparsing no longer fails. (BZ#799885)\n\n * Prior to this update, Augeas was unable to set up the 'require_ssl_reuse'\noption in the vsftpd.conf file. The updated patch fixes the vsftpd lens to\nproperly recognize this option, thus fixing this bug. (BZ#855022)\n\n * Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n * Previously, Augeas was unable to parse modprobe.conf files with spaces\naround '=' characters in option directives. The modprobe lens has been\nupdated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1537-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00017.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'augeas'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"augeas-debuginfo\", rpm:\"augeas-debuginfo~1.0.0~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"augeas-libs\", rpm:\"augeas-libs~1.0.0~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "description": "Oracle Linux Local Security Checks ELSA-2013-1537", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123524", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123524", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1537.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123524\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:02 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1537\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1537 - augeas security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1537\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1537.html\");\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"augeas\", rpm:\"augeas~1.0.0~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"augeas-devel\", rpm:\"augeas-devel~1.0.0~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"augeas-libs\", rpm:\"augeas-libs~1.0.0~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:26:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "description": "**CentOS Errata and Security Advisory** CESA-2013:1537\n\n\nAugeas is a utility for editing configuration. Augeas parses configuration\nfiles in their native formats and transforms them into a tree.\nConfiguration changes are made by manipulating this tree and saving it back\ninto native configuration files. Augeas also uses \"lenses\" as basic\nbuilding blocks for establishing the mapping from files into the Augeas\ntree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files\nwhen updating them. An application using Augeas to update configuration\nfiles in a directory that is writable to by a different user (for example,\nan application running as root that is updating files in a directory owned\nby a non-root service user) could have been tricked into overwriting\narbitrary files or leaking information via a symbolic link or mount point\nattack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#817753)\n\nThis update also fixes the following bugs:\n\n* Previously, when single quotes were used in an XML attribute, Augeas was\nunable to parse the file with the XML lens. An upstream patch has been\nprovided ensuring that single quotes are handled as valid characters and\nparsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the \"require_ssl_reuse\"\noption in the vsftpd.conf file. The updated patch fixes the vsftpd lens to\nproperly recognize this option, thus fixing this bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with spaces\naround \"=\" characters in option directives. The modprobe lens has been\nupdated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-November/007097.html\n\n**Affected packages:**\naugeas\naugeas-devel\naugeas-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1537.html", "edition": 3, "modified": "2013-11-26T13:31:08", "published": "2013-11-26T13:31:08", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-November/007097.html", "id": "CESA-2013:1537", "title": "augeas security update", "type": "centos", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "description": "[1.0.0-5]\r\n- Don't package lenses in tests/ subdirectory.\r\n related: rhbz#817753\r\n \n[1.0.0-4]\r\n- Rebase to Augeas 1.0.0\r\n resolves: rhbz#817753\r\n- Add dependency on libxml2-devel.\r\n- Remove all patches (all upstream and included in 1.0.0).\r\n- Print tests/test-suite.log when the tests fail.\r\n- Add fix for regression added in 1.0.0 (RHBZ#920609).\r\n- Fix tests/test-run.", "edition": 4, "modified": "2013-11-25T00:00:00", "published": "2013-11-25T00:00:00", "id": "ELSA-2013-1537", "href": "http://linux.oracle.com/errata/ELSA-2013-1537.html", "title": "augeas security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0786", "CVE-2012-0787"], "description": "Augeas is a utility for editing configuration. Augeas parses configuration\nfiles in their native formats and transforms them into a tree.\nConfiguration changes are made by manipulating this tree and saving it back\ninto native configuration files. Augeas also uses \"lenses\" as basic\nbuilding blocks for establishing the mapping from files into the Augeas\ntree and back.\n\nMultiple flaws were found in the way Augeas handled configuration files\nwhen updating them. An application using Augeas to update configuration\nfiles in a directory that is writable to by a different user (for example,\nan application running as root that is updating files in a directory owned\nby a non-root service user) could have been tricked into overwriting\narbitrary files or leaking information via a symbolic link or mount point\nattack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#817753)\n\nThis update also fixes the following bugs:\n\n* Previously, when single quotes were used in an XML attribute, Augeas was\nunable to parse the file with the XML lens. An upstream patch has been\nprovided ensuring that single quotes are handled as valid characters and\nparsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the \"require_ssl_reuse\"\noption in the vsftpd.conf file. The updated patch fixes the vsftpd lens to\nproperly recognize this option, thus fixing this bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with spaces\naround \"=\" characters in option directives. The modprobe lens has been\nupdated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n", "modified": "2018-06-07T08:59:39", "published": "2013-11-21T05:00:00", "id": "RHSA-2013:1537", "href": "https://access.redhat.com/errata/RHSA-2013:1537", "type": "redhat", "title": "(RHSA-2013:1537) Low: augeas security, bug fix, and enhancement update", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:10", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5107", "CVE-2012-0786", "CVE-2012-0787", "CVE-2012-4453", "CVE-2012-6542", "CVE-2012-6545", "CVE-2013-0221", "CVE-2013-0222", "CVE-2013-0223", "CVE-2013-0242", "CVE-2013-0343", "CVE-2013-1775", "CVE-2013-1813", "CVE-2013-1914", "CVE-2013-1928", "CVE-2013-1929", "CVE-2013-2164", "CVE-2013-2234", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-2851", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-3231", "CVE-2013-4238", "CVE-2013-4242", "CVE-2013-4332", "CVE-2013-4344", "CVE-2013-4345", "CVE-2013-4387", "CVE-2013-4419", "CVE-2013-4591", "CVE-2013-4592"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI \"REPORT\nLUNS\" command when more than 256 LUNs were specified for a single SCSI\ntarget. A privileged guest user could use this flaw to corrupt QEMU process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the QEMU process.\n(CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human\nInterface Device) reports. An attacker with physical access to the system\ncould use this flaw to crash the system or, potentially, escalate their\nprivileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509 certificate\nfields that contain a NULL byte. An attacker could potentially exploit this\nflaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that\nto exploit this issue, an attacker would need to obtain a carefully crafted\ncertificate signed by an authority that the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to\nexhaust unauthorized connection slots and prevent other users from being\nable to log in to a system. This flaw has been addressed by enabling random\nearly connection drops by setting MaxStartups to 10:30:100 by default.\nFor more information, refer to the sshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592,\nCVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928,\nCVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug:\n\n* A previous version of the rhev-hypervisor6 package did not contain the\nlatest vhostmd package, which provides a \"metrics communication channel\"\nbetween a host and its hosted virtual machines, allowing limited\nintrospection of host resource usage from within virtual machines. This has\nbeen fixed, and rhev-hypervisor6 now includes the latest vhostmd package.\n(BZ#1026703)\n\nThis update also contains the fixes from the following errata:\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "modified": "2018-06-07T08:59:39", "published": "2013-11-21T05:00:00", "id": "RHSA-2013:1527", "href": "https://access.redhat.com/errata/RHSA-2013:1527", "type": "redhat", "title": "(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:59", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "description": "**Issue Overview:**\n\nMultiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. ([CVE-2012-0786 __](<https://access.redhat.com/security/cve/CVE-2012-0786>), [CVE-2012-0787 __](<https://access.redhat.com/security/cve/CVE-2012-0787>))\n\n \n**Affected Packages:** \n\n\naugeas\n\n \n**Issue Correction:** \nRun _yum update augeas_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n augeas-libs-1.0.0-5.5.amzn1.i686 \n augeas-debuginfo-1.0.0-5.5.amzn1.i686 \n augeas-1.0.0-5.5.amzn1.i686 \n augeas-devel-1.0.0-5.5.amzn1.i686 \n \n src: \n augeas-1.0.0-5.5.amzn1.src \n \n x86_64: \n augeas-devel-1.0.0-5.5.amzn1.x86_64 \n augeas-1.0.0-5.5.amzn1.x86_64 \n augeas-debuginfo-1.0.0-5.5.amzn1.x86_64 \n augeas-libs-1.0.0-5.5.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-12-02T20:28:00", "published": "2013-12-02T20:28:00", "id": "ALAS-2013-250", "href": "https://alas.aws.amazon.com/ALAS-2013-250.html", "title": "Low: augeas", "type": "amazon", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:47:56", "description": "Multiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous\nversion.\n\nThis update also fixes the following bugs :\n\n - Previously, when single quotes were used in an XML\n attribute, Augeas was unable to parse the file with the\n XML lens. An upstream patch has been provided ensuring\n that single quotes are handled as valid characters and\n parsing no longer fails.\n\n - Prior to this update, Augeas was unable to set up the\n 'require_ssl_reuse' option in the vsftpd.conf file. The\n updated patch fixes the vsftpd lens to properly\n recognize this option, thus fixing this bug.\n\n - Previously, the XML lens did not support non-Unix line\n endings. Consequently, Augeas was unable to load any\n files containing such line endings. The XML lens has\n been fixed to handle files with CRLF line endings, thus\n fixing this bug.\n\n - Previously, Augeas was unable to parse modprobe.conf\n files with spaces around '=' characters in option\n directives. The modprobe lens has been updated and\n parsing no longer fails.", "edition": 16, "published": "2013-12-04T00:00:00", "title": "Scientific Linux Security Update : augeas on SL6.x i386/x86_64 (20131121)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0787", "CVE-2012-0786"], "modified": "2013-12-04T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:augeas-debuginfo", "p-cpe:/a:fermilab:scientific_linux:augeas", "p-cpe:/a:fermilab:scientific_linux:augeas-libs", "p-cpe:/a:fermilab:scientific_linux:augeas-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20131121_AUGEAS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/71192", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71192);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\");\n\n script_name(english:\"Scientific Linux Security Update : augeas on SL6.x i386/x86_64 (20131121)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous\nversion.\n\nThis update also fixes the following bugs :\n\n - Previously, when single quotes were used in an XML\n attribute, Augeas was unable to parse the file with the\n XML lens. An upstream patch has been provided ensuring\n that single quotes are handled as valid characters and\n parsing no longer fails.\n\n - Prior to this update, Augeas was unable to set up the\n 'require_ssl_reuse' option in the vsftpd.conf file. The\n updated patch fixes the vsftpd lens to properly\n recognize this option, thus fixing this bug.\n\n - Previously, the XML lens did not support non-Unix line\n endings. Consequently, Augeas was unable to load any\n files containing such line endings. The XML lens has\n been fixed to handle files with CRLF line endings, thus\n fixing this bug.\n\n - Previously, Augeas was unable to parse modprobe.conf\n files with spaces around '=' characters in option\n directives. The modprobe lens has been updated and\n parsing no longer fails.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=79\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?701d9b5d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:augeas-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:augeas-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"augeas-1.0.0-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"augeas-debuginfo-1.0.0-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"augeas-devel-1.0.0-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"augeas-libs-1.0.0-5.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"augeas / augeas-debuginfo / augeas-devel / augeas-libs\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:43:36", "description": "Multiple race conditions were discovered in augeas when saving\nconfiguration files which expose it to symlink attacks. Write access\nto the directory where the configuration file is located is required\nby the attacker.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-03-26T00:00:00", "title": "Debian DLA-28-1 : augeas security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6412", "CVE-2012-0787", "CVE-2012-0786"], "modified": "2015-03-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libaugeas0", "p-cpe:/a:debian:debian_linux:augeas-lenses", "p-cpe:/a:debian:debian_linux:libaugeas-dev", "p-cpe:/a:debian:debian_linux:augeas-tools", "p-cpe:/a:debian:debian_linux:augeas-dbg"], "id": "DEBIAN_DLA-28.NASL", "href": "https://www.tenable.com/plugins/nessus/82176", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-28-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82176);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\", \"CVE-2013-6412\");\n script_bugtraq_id(63861, 65165);\n\n script_name(english:\"Debian DLA-28-1 : augeas security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple race conditions were discovered in augeas when saving\nconfiguration files which expose it to symlink attacks. Write access\nto the directory where the configuration file is located is required\nby the attacker.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/08/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/augeas\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:augeas-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:augeas-lenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:augeas-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libaugeas-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libaugeas0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"augeas-dbg\", reference:\"0.7.2-1+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"augeas-lenses\", reference:\"0.7.2-1+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"augeas-tools\", reference:\"0.7.2-1+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libaugeas-dev\", reference:\"0.7.2-1+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libaugeas0\", reference:\"0.7.2-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:30", "description": "Updated augeas packages fix security vulnerabilities :\n\nMultiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack (CVE-2012-0786, CVE-2012-0787).\n\nA flaw was found in the way Augeas handled certain umask settings when\ncreating new configuration files. This flaw could result in\nconfiguration files being created as world-writable, allowing\nunprivileged local users to modify their content (CVE-2013-6412).", "edition": 26, "published": "2014-01-27T00:00:00", "title": "Mandriva Linux Security Advisory : augeas (MDVSA-2014:022)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6412", "CVE-2012-0787", "CVE-2012-0786"], "modified": "2014-01-27T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64fa1", "p-cpe:/a:mandriva:linux:augeas", "p-cpe:/a:mandriva:linux:lib64augeas-devel", "p-cpe:/a:mandriva:linux:lib64augeas0", "p-cpe:/a:mandriva:linux:augeas-lenses"], "id": "MANDRIVA_MDVSA-2014-022.NASL", "href": "https://www.tenable.com/plugins/nessus/72134", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:022. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72134);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\", \"CVE-2013-6412\");\n script_bugtraq_id(63861);\n script_xref(name:\"MDVSA\", value:\"2014:022\");\n\n script_name(english:\"Mandriva Linux Security Advisory : augeas (MDVSA-2014:022)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated augeas packages fix security vulnerabilities :\n\nMultiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack (CVE-2012-0786, CVE-2012-0787).\n\nA flaw was found in the way Augeas handled certain umask settings when\ncreating new configuration files. This flaw could result in\nconfiguration files being created as world-writable, allowing\nunprivileged local users to modify their content (CVE-2013-6412).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0044\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:augeas-lenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64augeas0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64fa1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"augeas-1.1.0-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"augeas-lenses-1.1.0-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64augeas-devel-1.1.0-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64augeas0-1.1.0-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64fa1-1.1.0-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:13:43", "description": "Updated augeas packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses\nconfiguration files in their native formats and transforms them into a\ntree. Configuration changes are made by manipulating this tree and\nsaving it back into native configuration files. Augeas also uses\n'lenses' as basic building blocks for establishing the mapping from\nfiles into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas\nwas unable to parse the file with the XML lens. An upstream patch has\nbeen provided ensuring that single quotes are handled as valid\ncharacters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the\n'require_ssl_reuse' option in the vsftpd.conf file. The updated patch\nfixes the vsftpd lens to properly recognize this option, thus fixing\nthis bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with\nspaces around '=' characters in option directives. The modprobe lens\nhas been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.", "edition": 25, "published": "2013-11-21T00:00:00", "title": "RHEL 6 : augeas (RHSA-2013:1537)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6607", "CVE-2012-0787", "CVE-2012-0786"], "modified": "2013-11-21T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:augeas-libs", "p-cpe:/a:redhat:enterprise_linux:augeas-devel", "p-cpe:/a:redhat:enterprise_linux:augeas", "p-cpe:/a:redhat:enterprise_linux:augeas-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-1537.NASL", "href": "https://www.tenable.com/plugins/nessus/71000", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1537. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71000);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\", \"CVE-2012-6607\");\n script_xref(name:\"RHSA\", value:\"2013:1537\");\n\n script_name(english:\"RHEL 6 : augeas (RHSA-2013:1537)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated augeas packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses\nconfiguration files in their native formats and transforms them into a\ntree. Configuration changes are made by manipulating this tree and\nsaving it back into native configuration files. Augeas also uses\n'lenses' as basic building blocks for establishing the mapping from\nfiles into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas\nwas unable to parse the file with the XML lens. An upstream patch has\nbeen provided ensuring that single quotes are handled as valid\ncharacters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the\n'require_ssl_reuse' option in the vsftpd.conf file. The updated patch\nfixes the vsftpd lens to properly recognize this option, thus fixing\nthis bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with\nspaces around '=' characters in option directives. The modprobe lens\nhas been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0786\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:augeas-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:augeas-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1537\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"augeas-1.0.0-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"augeas-1.0.0-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"augeas-1.0.0-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"augeas-debuginfo-1.0.0-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"augeas-devel-1.0.0-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"augeas-libs-1.0.0-5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"augeas / augeas-debuginfo / augeas-devel / augeas-libs\");\n }\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:48:19", "description": "From Red Hat Security Advisory 2013:1537 :\n\nUpdated augeas packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses\nconfiguration files in their native formats and transforms them into a\ntree. Configuration changes are made by manipulating this tree and\nsaving it back into native configuration files. Augeas also uses\n'lenses' as basic building blocks for establishing the mapping from\nfiles into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas\nwas unable to parse the file with the XML lens. An upstream patch has\nbeen provided ensuring that single quotes are handled as valid\ncharacters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the\n'require_ssl_reuse' option in the vsftpd.conf file. The updated patch\nfixes the vsftpd lens to properly recognize this option, thus fixing\nthis bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with\nspaces around '=' characters in option directives. The modprobe lens\nhas been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.", "edition": 22, "published": "2013-11-27T00:00:00", "title": "Oracle Linux 6 : augeas (ELSA-2013-1537)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6607", "CVE-2012-0787", "CVE-2012-0786"], "modified": "2013-11-27T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:augeas-libs", "p-cpe:/a:oracle:linux:augeas", "p-cpe:/a:oracle:linux:augeas-devel"], "id": "ORACLELINUX_ELSA-2013-1537.NASL", "href": "https://www.tenable.com/plugins/nessus/71102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1537 and \n# Oracle Linux Security Advisory ELSA-2013-1537 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71102);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\", \"CVE-2012-6607\");\n script_bugtraq_id(63861);\n script_xref(name:\"RHSA\", value:\"2013:1537\");\n\n script_name(english:\"Oracle Linux 6 : augeas (ELSA-2013-1537)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1537 :\n\nUpdated augeas packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses\nconfiguration files in their native formats and transforms them into a\ntree. Configuration changes are made by manipulating this tree and\nsaving it back into native configuration files. Augeas also uses\n'lenses' as basic building blocks for establishing the mapping from\nfiles into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas\nwas unable to parse the file with the XML lens. An upstream patch has\nbeen provided ensuring that single quotes are handled as valid\ncharacters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the\n'require_ssl_reuse' option in the vsftpd.conf file. The updated patch\nfixes the vsftpd lens to properly recognize this option, thus fixing\nthis bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with\nspaces around '=' characters in option directives. The modprobe lens\nhas been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-November/003803.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected augeas packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:augeas-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"augeas-1.0.0-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"augeas-devel-1.0.0-5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"augeas-libs-1.0.0-5.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"augeas / augeas-devel / augeas-libs\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:29:06", "description": "Updated augeas packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses\nconfiguration files in their native formats and transforms them into a\ntree. Configuration changes are made by manipulating this tree and\nsaving it back into native configuration files. Augeas also uses\n'lenses' as basic building blocks for establishing the mapping from\nfiles into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas\nwas unable to parse the file with the XML lens. An upstream patch has\nbeen provided ensuring that single quotes are handled as valid\ncharacters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the\n'require_ssl_reuse' option in the vsftpd.conf file. The updated patch\nfixes the vsftpd lens to properly recognize this option, thus fixing\nthis bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with\nspaces around '=' characters in option directives. The modprobe lens\nhas been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.", "edition": 25, "published": "2014-11-12T00:00:00", "title": "CentOS 6 : augeas (CESA-2013:1537)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6607", "CVE-2012-0787", "CVE-2012-0786"], "modified": "2014-11-12T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:augeas", "p-cpe:/a:centos:centos:augeas-devel", "p-cpe:/a:centos:centos:augeas-libs"], "id": "CENTOS_RHSA-2013-1537.NASL", "href": "https://www.tenable.com/plugins/nessus/79157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1537 and \n# CentOS Errata and Security Advisory 2013:1537 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79157);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2012-0787\", \"CVE-2012-6607\");\n script_xref(name:\"RHSA\", value:\"2013:1537\");\n\n script_name(english:\"CentOS 6 : augeas (CESA-2013:1537)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated augeas packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nAugeas is a utility for editing configuration. Augeas parses\nconfiguration files in their native formats and transforms them into a\ntree. Configuration changes are made by manipulating this tree and\nsaving it back into native configuration files. Augeas also uses\n'lenses' as basic building blocks for establishing the mapping from\nfiles into the Augeas tree and back.\n\nMultiple flaws were found in the way Augeas handled configuration\nfiles when updating them. An application using Augeas to update\nconfiguration files in a directory that is writable to by a different\nuser (for example, an application running as root that is updating\nfiles in a directory owned by a non-root service user) could have been\ntricked into overwriting arbitrary files or leaking information via a\nsymbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)\n\nThe augeas package has been upgraded to upstream version 1.0.0, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#817753)\n\nThis update also fixes the following bugs :\n\n* Previously, when single quotes were used in an XML attribute, Augeas\nwas unable to parse the file with the XML lens. An upstream patch has\nbeen provided ensuring that single quotes are handled as valid\ncharacters and parsing no longer fails. (BZ#799885)\n\n* Prior to this update, Augeas was unable to set up the\n'require_ssl_reuse' option in the vsftpd.conf file. The updated patch\nfixes the vsftpd lens to properly recognize this option, thus fixing\nthis bug. (BZ#855022)\n\n* Previously, the XML lens did not support non-Unix line endings.\nConsequently, Augeas was unable to load any files containing such line\nendings. The XML lens has been fixed to handle files with CRLF line\nendings, thus fixing this bug. (BZ#799879)\n\n* Previously, Augeas was unable to parse modprobe.conf files with\nspaces around '=' characters in option directives. The modprobe lens\nhas been updated and parsing no longer fails. (BZ#826752)\n\nAll Augeas users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-November/000897.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?995b680b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected augeas packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0787\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:augeas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:augeas-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"augeas-1.0.0-5.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"augeas-devel-1.0.0-5.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"augeas-libs-1.0.0-5.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"augeas / augeas-devel / augeas-libs\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:37:38", "description": "Augeas has been updated to fix a symlink overwrite problem.\n(CVE-2012-0786 / CVE-2013-6412)\n\nAlso a bug has been fixed where 'augtool -s set was failing'.\n(bnc#876044)\n\nAdditionally parsing the multipath configuration has been fixed.\nbnc#871323", "edition": 16, "published": "2014-08-14T00:00:00", "title": "SuSE 11.3 Security Update : augeas (SAT Patch Number 9574)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6412", "CVE-2012-0786"], "modified": "2014-08-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libaugeas0", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:augeas-lenses", "p-cpe:/a:novell:suse_linux:11:augeas"], "id": "SUSE_11_AUGEAS-140730.NASL", "href": "https://www.tenable.com/plugins/nessus/77196", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77196);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0786\", \"CVE-2013-6412\");\n\n script_name(english:\"SuSE 11.3 Security Update : augeas (SAT Patch Number 9574)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Augeas has been updated to fix a symlink overwrite problem.\n(CVE-2012-0786 / CVE-2013-6412)\n\nAlso a bug has been fixed where 'augtool -s set was failing'.\n(bnc#876044)\n\nAdditionally parsing the multipath configuration has been fixed.\nbnc#871323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=876044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=885003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0786.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6412.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9574.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:augeas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:augeas-lenses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libaugeas0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libaugeas0-0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libaugeas0-0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"augeas-0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"augeas-lenses-0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libaugeas0-0.9.0-3.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:13:42", "description": "An updated rhev-hypervisor6 package that fixes multiple security\nissues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of 'Install Failed'. If this happens, place the\nhost into maintenance mode, then activate it again to get the host\nback to an 'Up' state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI\n'REPORT LUNS' command when more than 256 LUNs were specified for a\nsingle SCSI target. A privileged guest user could use this flaw to\ncorrupt QEMU process memory on the host, which could potentially\nresult in arbitrary code execution on the host with the privileges of\nthe QEMU process. (CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human\nInterface Device) reports. An attacker with physical access to the\nsystem could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-2888,\nCVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509\ncertificate fields that contain a NULL byte. An attacker could\npotentially exploit this flaw to conduct man-in-the-middle attacks to\nspoof SSL servers. Note that to exploit this issue, an attacker would\nneed to obtain a carefully crafted certificate signed by an authority\nthat the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to\nexhaust unauthorized connection slots and prevent other users from\nbeing able to log in to a system. This flaw has been addressed by\nenabling random early connection drops by setting MaxStartups to\n10:30:100 by default. For more information, refer to the\nsshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591,\nCVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929,\nCVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and\nCVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug :\n\n* A previous version of the rhev-hypervisor6 package did not contain\nthe latest vhostmd package, which provides a 'metrics communication\nchannel' between a host and its hosted virtual machines, allowing\nlimited introspection of host resource usage from within virtual\nmachines. This has been fixed, and rhev-hypervisor6 now includes the\nlatest vhostmd package. (BZ#1026703)\n\nThis update also contains the fixes from the following errata :\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.", "edition": 27, "published": "2014-11-08T00:00:00", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2234", "CVE-2013-1775", "CVE-2013-4345", "CVE-2013-0242", "CVE-2012-4453", "CVE-2013-4238", "CVE-2013-0223", "CVE-2013-1813", "CVE-2013-3231", "CVE-2013-2892", "CVE-2013-4592", "CVE-2013-4242", "CVE-2013-4419", "CVE-2012-6545", "CVE-2012-6542", "CVE-2013-0222", "CVE-2012-0787", "CVE-2013-1929", "CVE-2013-2777", "CVE-2013-4332", "CVE-2010-5107", "CVE-2013-2851", "CVE-2013-1914", "CVE-2012-0786", "CVE-2013-2776", "CVE-2013-4387", "CVE-2013-0343", "CVE-2013-1928", "CVE-2013-0221", "CVE-2013-2888", "CVE-2013-2164", "CVE-2013-2889", "CVE-2013-4591", "CVE-2013-4344"], "modified": "2014-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-1527.NASL", "href": "https://www.tenable.com/plugins/nessus/78979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1527. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78979);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-5107\", \"CVE-2013-2888\", \"CVE-2013-2889\", \"CVE-2013-2892\", \"CVE-2013-4238\", \"CVE-2013-4344\");\n script_bugtraq_id(58162, 61738, 62042, 62043, 62049, 62773);\n script_xref(name:\"RHSA\", value:\"2013:1527\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated rhev-hypervisor6 package that fixes multiple security\nissues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of 'Install Failed'. If this happens, place the\nhost into maintenance mode, then activate it again to get the host\nback to an 'Up' state.\n\nA buffer overflow flaw was found in the way QEMU processed the SCSI\n'REPORT LUNS' command when more than 256 LUNs were specified for a\nsingle SCSI target. A privileged guest user could use this flaw to\ncorrupt QEMU process memory on the host, which could potentially\nresult in arbitrary code execution on the host with the privileges of\nthe QEMU process. (CVE-2013-4344)\n\nMultiple flaws were found in the way Linux kernel handled HID (Human\nInterface Device) reports. An attacker with physical access to the\nsystem could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-2888,\nCVE-2013-2889, CVE-2013-2892)\n\nA flaw was found in the way the Python SSL module handled X.509\ncertificate fields that contain a NULL byte. An attacker could\npotentially exploit this flaw to conduct man-in-the-middle attacks to\nspoof SSL servers. Note that to exploit this issue, an attacker would\nneed to obtain a carefully crafted certificate signed by an authority\nthat the client trusts. (CVE-2013-4238)\n\nThe default OpenSSH configuration made it easy for remote attackers to\nexhaust unauthorized connection slots and prevent other users from\nbeing able to log in to a system. This flaw has been addressed by\nenabling random early connection drops by setting MaxStartups to\n10:30:100 by default. For more information, refer to the\nsshd_config(5) man page. (CVE-2010-5107)\n\nThe CVE-2013-4344 issue was discovered by Asias He of Red Hat.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2012-0786 and CVE-2012-0787 (augeas issues)\n\nCVE-2013-1813 (busybox issue)\n\nCVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)\n\nCVE-2012-4453 (dracut issue)\n\nCVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)\n\nCVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591,\nCVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929,\nCVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and\nCVE-2013-2851 (kernel issues)\n\nCVE-2013-4242 (libgcrypt issue)\n\nCVE-2013-4419 (libguestfs issue)\n\nCVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)\n\nThis update also fixes the following bug :\n\n* A previous version of the rhev-hypervisor6 package did not contain\nthe latest vhostmd package, which provides a 'metrics communication\nchannel' between a host and its hosted virtual machines, allowing\nlimited introspection of host resource usage from within virtual\nmachines. This has been fixed, and rhev-hypervisor6 now includes the\nlatest vhostmd package. (BZ#1026703)\n\nThis update also contains the fixes from the following errata :\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.\"\n );\n # https://rhn.redhat.com/errata/RHBA-2013-1528.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2013:1528\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-5107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4238\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1527\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.5-20131115.0.3.2.el6_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-6412", "CVE-2012-0787", "CVE-2012-0786"], "description": "Weak permissions, symbolic links vulnerabilities.", "edition": 1, "modified": "2014-01-29T00:00:00", "published": "2014-01-29T00:00:00", "id": "SECURITYVULNS:VULN:13538", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13538", "title": "Augeas multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-6412", "CVE-2012-0787", "CVE-2012-0786"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:022\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : augeas\r\n Date : January 24, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated augeas packages fix security vulnerabilities:\r\n \r\n Multiple flaws were found in the way Augeas handled configuration files\r\n when updating them. An application using Augeas to update configuration\r\n files in a directory that is writable to by a different user &#40;for\r\n example, an application running as root that is updating files in a\r\n directory owned by a non-root service user&#41; could have been tricked\r\n into overwriting arbitrary files or leaking information via a symbolic\r\n link or mount point attack &#40;CVE-2012-0786, CVE-2012-0787&#41;.\r\n \r\n A flaw was found in the way Augeas handled certain umask settings\r\n when creating new configuration files. This flaw could result\r\n in configuration files being created as world writable, allowing\r\n unprivileged local users to modify their content &#40;CVE-2013-6412&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0787\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412\r\n https://rhn.redhat.com/errata/RHSA-2013-1537.html\r\n https://rhn.redhat.com/errata/RHSA-2014-0044.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 799a59ca268bf8f01dcdf8bfdb5e038f mbs1/x86_64/augeas-1.1.0-1.1.mbs1.x86_64.rpm\r\n 83a4643fa57cdab5a5191999bc687925 mbs1/x86_64/augeas-lenses-1.1.0-1.1.mbs1.x86_64.rpm\r\n 19623ba70567eed99d718bcad1ce9a35 mbs1/x86_64/lib64augeas0-1.1.0-1.1.mbs1.x86_64.rpm\r\n 7f039c5e0a965cfa21fda1dceba9e22f mbs1/x86_64/lib64augeas-devel-1.1.0-1.1.mbs1.x86_64.rpm\r\n 123fda0cfde74d4b5f19a0d3ecffe323 mbs1/x86_64/lib64fa1-1.1.0-1.1.mbs1.x86_64.rpm \r\n 9bc8bccb4b3d3a7901b018a604e5f5fb mbs1/SRPMS/augeas-1.1.0-1.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFS4o6FmqjQ0CJFipgRAqzXAJ9mMIeUMIprErjkvjDP1wMn+C5tSQCgsZKu\r\nk5Ku18i2UyRIA0FjIE89kQ8=\r\n=F2IH\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-01-29T00:00:00", "published": "2014-01-29T00:00:00", "id": "SECURITYVULNS:DOC:30258", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30258", "title": "[ MDVSA-2014:022 ] augeas", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:18:18", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6412", "CVE-2012-0787", "CVE-2012-0786"], "description": "Package : augeas\nVersion : 0.7.2-1+deb6u1\nCVE ID : CVE-2012-0786 CVE-2012-0787 CVE-2013-6412\nDebian Bug : 731111 731132\n\nMultiple race conditions were discovered in augeas when saving\nconfiguration files which expose it to symlink attacks.\nWrite access to the directory where the configuration file is located\nis required by the attacker.\n", "edition": 7, "modified": "2014-08-01T11:26:44", "published": "2014-08-01T11:26:44", "id": "DEBIAN:DLA-28-1:4A4C5", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201408/msg00001.html", "title": "[DLA 28-1] augeas security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}