CVE-2012-0787
Public on 2013-11-23
Modified on 2014-09-16
Description
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | augeas | 2013-12-02 | ALAS-2013-250 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 2.6 | AV:L/AC:H/Au:N/C:P/I:P/A:N |
| NVD | CVSSv2 | 3.7 | AV:L/AC:H/Au:N/C:P/I:P/A:P |