ID CVE-2012-0787
Summary The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux 6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Augeas 0.0.1
    cpe:2.3:a:augeas:augeas:0.0.1
  • Augeas 0.0.2
    cpe:2.3:a:augeas:augeas:0.0.2
  • Augeas 0.0.3
    cpe:2.3:a:augeas:augeas:0.0.3
  • Augeas 0.0.4
    cpe:2.3:a:augeas:augeas:0.0.4
  • Augeas 0.0.5
    cpe:2.3:a:augeas:augeas:0.0.5
  • Augeas 0.0.6
    cpe:2.3:a:augeas:augeas:0.0.6
  • Augeas 0.0.7
    cpe:2.3:a:augeas:augeas:0.0.7
  • Augeas 0.0.8
    cpe:2.3:a:augeas:augeas:0.0.8
  • Augeas 0.1.0
    cpe:2.3:a:augeas:augeas:0.1.0
  • Augeas 0.1.1
    cpe:2.3:a:augeas:augeas:0.1.1
  • Augeas 0.2.0
    cpe:2.3:a:augeas:augeas:0.2.0
  • Augeas 0.2.1
    cpe:2.3:a:augeas:augeas:0.2.1
  • Augeas 0.2.2
    cpe:2.3:a:augeas:augeas:0.2.2
  • Augeas 0.3.0
    cpe:2.3:a:augeas:augeas:0.3.0
  • Augeas 0.3.1
    cpe:2.3:a:augeas:augeas:0.3.1
  • Augeas 0.3.2
    cpe:2.3:a:augeas:augeas:0.3.2
  • Augeas 0.3.3
    cpe:2.3:a:augeas:augeas:0.3.3
  • Augeas 0.3.4
    cpe:2.3:a:augeas:augeas:0.3.4
  • Augeas 0.3.5
    cpe:2.3:a:augeas:augeas:0.3.5
  • Augeas 0.3.6
    cpe:2.3:a:augeas:augeas:0.3.6
  • Augeas 0.4.0
    cpe:2.3:a:augeas:augeas:0.4.0
  • Augeas 0.4.1
    cpe:2.3:a:augeas:augeas:0.4.1
  • Augeas 0.4.2
    cpe:2.3:a:augeas:augeas:0.4.2
  • Augeas 0.5.0
    cpe:2.3:a:augeas:augeas:0.5.0
  • Augeas 0.5.1
    cpe:2.3:a:augeas:augeas:0.5.1
  • Augeas 0.5.2
    cpe:2.3:a:augeas:augeas:0.5.2
  • Augeas 0.5.3
    cpe:2.3:a:augeas:augeas:0.5.3
  • Augeas 0.6.0
    cpe:2.3:a:augeas:augeas:0.6.0
  • Augeas 0.7.0
    cpe:2.3:a:augeas:augeas:0.7.0
  • Augeas 0.7.1
    cpe:2.3:a:augeas:augeas:0.7.1
  • Augeas 0.7.2
    cpe:2.3:a:augeas:augeas:0.7.2
  • Augeas 0.7.3
    cpe:2.3:a:augeas:augeas:0.7.3
  • Augeas 0.7.4
    cpe:2.3:a:augeas:augeas:0.7.4
  • Augeas 0.8.0
    cpe:2.3:a:augeas:augeas:0.8.0
  • Augeas 0.8.1
    cpe:2.3:a:augeas:augeas:0.8.1
  • Augeas 0.9.0
    cpe:2.3:a:augeas:augeas:0.9.0
  • Augeas 0.10.0
    cpe:2.3:a:augeas:augeas:0.10.0
CVSS
Base: 3.7 (as of 25-11-2013 - 12:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-022.NASL
    description Updated augeas packages fix security vulnerabilities : Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack (CVE-2012-0786, CVE-2012-0787). A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world-writable, allowing unprivileged local users to modify their content (CVE-2013-6412).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 72134
    published 2014-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72134
    title Mandriva Linux Security Advisory : augeas (MDVSA-2014:022)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1537.NASL
    description Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses 'lenses' as basic building blocks for establishing the mapping from files into the Augeas tree and back. Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787) The augeas package has been upgraded to upstream version 1.0.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#817753) This update also fixes the following bugs : * Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails. (BZ#799885) * Prior to this update, Augeas was unable to set up the 'require_ssl_reuse' option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug. (BZ#855022) * Previously, the XML lens did not support non-Unix line endings. Consequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug. (BZ#799879) * Previously, Augeas was unable to parse modprobe.conf files with spaces around '=' characters in option directives. The modprobe lens has been updated and parsing no longer fails. (BZ#826752) All Augeas users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71000
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71000
    title RHEL 6 : augeas (RHSA-2013:1537)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1537.NASL
    description From Red Hat Security Advisory 2013:1537 : Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses 'lenses' as basic building blocks for establishing the mapping from files into the Augeas tree and back. Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787) The augeas package has been upgraded to upstream version 1.0.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#817753) This update also fixes the following bugs : * Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails. (BZ#799885) * Prior to this update, Augeas was unable to set up the 'require_ssl_reuse' option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug. (BZ#855022) * Previously, the XML lens did not support non-Unix line endings. Consequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug. (BZ#799879) * Previously, Augeas was unable to parse modprobe.conf files with spaces around '=' characters in option directives. The modprobe lens has been updated and parsing no longer fails. (BZ#826752) All Augeas users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71102
    published 2013-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71102
    title Oracle Linux 6 : augeas (ELSA-2013-1537)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-250.NASL
    description Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786 , CVE-2012-0787)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 71267
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71267
    title Amazon Linux AMI : augeas (ALAS-2013-250)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-28.NASL
    description Multiple race conditions were discovered in augeas when saving configuration files which expose it to symlink attacks. Write access to the directory where the configuration file is located is required by the attacker. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82176
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82176
    title Debian DLA-28-1 : augeas security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131121_AUGEAS_ON_SL6_X.NASL
    description Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787) The augeas package has been upgraded to upstream version 1.0.0, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bugs : - Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails. - Prior to this update, Augeas was unable to set up the 'require_ssl_reuse' option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug. - Previously, the XML lens did not support non-Unix line endings. Consequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug. - Previously, Augeas was unable to parse modprobe.conf files with spaces around '=' characters in option directives. The modprobe lens has been updated and parsing no longer fails.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71192
    published 2013-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71192
    title Scientific Linux Security Update : augeas on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1537.NASL
    description Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses 'lenses' as basic building blocks for establishing the mapping from files into the Augeas tree and back. Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787) The augeas package has been upgraded to upstream version 1.0.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#817753) This update also fixes the following bugs : * Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails. (BZ#799885) * Prior to this update, Augeas was unable to set up the 'require_ssl_reuse' option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug. (BZ#855022) * Previously, the XML lens did not support non-Unix line endings. Consequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug. (BZ#799879) * Previously, Augeas was unable to parse modprobe.conf files with spaces around '=' characters in option directives. The modprobe lens has been updated and parsing no longer fails. (BZ#826752) All Augeas users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79157
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79157
    title CentOS 6 : augeas (CESA-2013:1537)
redhat via4
advisories
bugzilla
id 855022
title option in vsftpd.conf
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment augeas is earlier than 0:1.0.0-5.el6
        oval oval:com.redhat.rhsa:tst:20131537005
      • comment augeas is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131537006
    • AND
      • comment augeas-devel is earlier than 0:1.0.0-5.el6
        oval oval:com.redhat.rhsa:tst:20131537007
      • comment augeas-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131537008
    • AND
      • comment augeas-libs is earlier than 0:1.0.0-5.el6
        oval oval:com.redhat.rhsa:tst:20131537009
      • comment augeas-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131537010
rhsa
id RHSA-2013:1537
released 2013-11-21
severity Low
title RHSA-2013:1537: augeas security, bug fix, and enhancement update (Low)
rpms
  • augeas-0:1.0.0-5.el6
  • augeas-devel-0:1.0.0-5.el6
  • augeas-libs-0:1.0.0-5.el6
refmap via4
confirm
secunia 55811
Last major update 27-02-2014 - 18:10
Published 23-11-2013 - 13:55
Last modified 22-04-2019 - 13:48
Back to Top