CVE-2013-6412Augeas vulnerability

CWE-2648 documents6 sources
Severity
4.6MEDIUMNVD
EPSS
0.0%
top 86.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AugeasDebian Augeas
Timeline
PublishedJan 23
Latest updateMay 17

Description

The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

debiandebian/augeas< augeas 1.2.0-0.1 (bookworm)
Debianaugeas/augeas< 1.2.0-0.1+3
NVDaugeas/augeas1.0.0, 1.1.0+1

🔴Vulnerability Details

2
GHSA
GHSA-92m6-rfw4-wpq6: The transform_save function in transform2022-05-17
OSV
CVE-2013-6412: The transform_save function in transform2014-01-23

📋Vendor Advisories

2
Red Hat
augeas: incorrect permissions set on newly created files2013-11-25
Debian
CVE-2013-6412: augeas - The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does no...2013

💬Community

3
Bugzilla
CVE-2013-6412 augeas: incorrect permissions set on newly created files [epel-5]2013-11-29
Bugzilla
CVE-2013-6412 augeas: incorrect permissions set on newly created files [fedora-all]2013-11-29
Bugzilla
CVE-2013-6412 augeas: incorrect permissions set on newly created files2013-11-25