5 matches found
CVE-2013-6412
The transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...
CVE-2012-0786
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
CVE-2012-6607
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...
CVE-2012-0786
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...
CVE-2012-6607
Summary (CVE-2012-0786, CVE-2012-0787, CVE-2013-6412) : AUGEAS up to 1.0.0 contains a symlink/permission bug in the transformation/save logic (transform_save in transform.c) and related file handling (clone_file/save paths). Exploitation can allow a local attacker to overwrite arbitrary files and...