21 matches found
Symlink Attack
Augeas is vulnerable to symlink attack. The attack is possible because transformsave function in transform.c does not prevent a local user to trigger a symlink attack on a .augnew file...
World Writable Permissions
augeas is vulnerable to world writable permissions. The vulnerability exists as the transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files...
CVE-2013-6412
The transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...
Code injection
The transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...
CVE-2013-6412
The transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...
CVE-2013-6412
The transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...
CVE-2013-6412
CVE-2013-6412 affects Augeas, specifically the transform_save logic in transform.c for versions 1.0.0 to 1.1.0. The root cause is incorrect calculation of permission values when the umask contains a 7, leading to world-writable new files and enabling local users to modify files via unspecified ve...
CVE-2013-6412
The transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...
CVE-2012-6607
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...
CVE-2012-0786
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
Design/Logic Flaw
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
UBUNTU-CVE-2012-0786
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
CVE-2012-6607
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...
CVE-2012-0786
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
Design/Logic Flaw
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...
CVE-2012-6607
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...
CVE-2012-0786
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
CVE-2012-0786
CVE-2012-0786 concerns Augeas: the transform_save function in transform.c before 1.0.0 allows local users to overwrite arbitrary files and disclose sensitive data via a symlink attack on a .augnew file. Real-world references across multiple advisories confirm the affected component is Augeas and ...
CVE-2012-0786
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
CVE-2012-6607
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...