CVE-2012-6607 — Path Traversal in Augeas

CWE-22 — Path Traversal6 documents6 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 85.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Augeas Debian Augeas

Timeline

PublishedNov 23

Latest updateMay 17

Description

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.

CVSS vector

AV:L/AC:M/C:P/I:P/A:NExploitability: 3.4 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/augeas< augeas 1.0.0-1 (bookworm)

▶Debianaugeas/augeas< 1.0.0-1+3

▶NVDaugeas/augeas0.10.0+36

🔴Vulnerability Details

GHSA

GHSA-2x6r-rq7f-fcrj: The transform_save function in transform↗2022-05-17

▶

OSV

CVE-2012-6607: The transform_save function in transform↗2013-11-23

▶

📋Vendor Advisories

Red Hat

augeas: symlink attack on a .augsave file↗2013-11-21

▶

Debian

CVE-2012-6607: augeas - The transform_save function in transform.c in Augeas before 1.0.0 allows local u...↗2012

▶

💬Community

Bugzilla

CVE-2012-6607 augeas: symlink attack on a .augsave file↗2013-11-25

▶