ID CVE-2012-0787
Summary The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:augeas:augeas:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:augeas:augeas:0.10.0:*:*:*:*:*:*:*
CVSS
Base: 3.7 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 855022
title option in vsftpd.conf
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment augeas is earlier than 0:1.0.0-5.el6
        oval oval:com.redhat.rhsa:tst:20131537005
      • comment augeas is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131537006
    • AND
      • comment augeas-devel is earlier than 0:1.0.0-5.el6
        oval oval:com.redhat.rhsa:tst:20131537007
      • comment augeas-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131537008
    • AND
      • comment augeas-libs is earlier than 0:1.0.0-5.el6
        oval oval:com.redhat.rhsa:tst:20131537009
      • comment augeas-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131537010
rhsa
id RHSA-2013:1537
released 2013-11-21
severity Low
title RHSA-2013:1537: augeas security, bug fix, and enhancement update (Low)
rpms
  • augeas-0:1.0.0-5.el6
  • augeas-devel-0:1.0.0-5.el6
  • augeas-libs-0:1.0.0-5.el6
refmap via4
confirm
secunia 55811
Last major update 22-04-2019 - 17:48
Published 23-11-2013 - 18:55
Back to Top