Main Vulnerability Database Vulnerabilities #VU32579

Permissions, Privileges, and Access Controls in Augeas - CVE-2013-6412

Published: January 23, 2014 / Updated: July 28, 2020

Vulnerability identifier: #VU32579

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-6412

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
Augeas

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.

How to mitigate CVE-2013-6412

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2014-0044.html
https://bugzilla.redhat.com/show_bug.cgi?id=1034261
https://github.com/hercules-team/augeas/commit/f5b4fc0c
https://github.com/hercules-team/augeas/pull/58

Permissions, Privileges, and Access Controls in Augeas - CVE-2013-6412

Detailed vulnerability description

How to mitigate CVE-2013-6412

Sources

Please verify you're human