Back to search
CVE-2012-0787
Published: Nov 23, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
55811
third-party-advisory
x_refsource_SECUNIA
http://augeas.net/news.html
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=772261
x_refsource_CONFIRM
RHSA-2013:1537
vendor-advisory
x_refsource_REDHAT
https://github.com/hercules-team/augeas/commit/b8de6a8c
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now