Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2013-6412 | First vendor Publication | 2014-01-22 |
Vendor | Cve | Last vendor Modification | 2014-01-23 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22025 | |||
Oval ID: | oval:org.mitre.oval:def:22025 | ||
Title: | RHSA-2014:0044: augeas security update (Moderate) | ||
Description: | The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0044-00 CESA-2014:0044 CVE-2013-6412 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | augeas |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24181 | |||
Oval ID: | oval:org.mitre.oval:def:24181 | ||
Title: | ELSA-2014:0044: augeas security update (Moderate) | ||
Description: | The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0044-00 CVE-2013-6412 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | augeas |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25960 | |||
Oval ID: | oval:org.mitre.oval:def:25960 | ||
Title: | SUSE-SU-2014:1017-1 -- Security update for augeas | ||
Description: | Augeas has been updated to fix a symlink overwrite problem. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1017-1 CVE-2012-0786 CVE-2013-6412 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | augeas |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26875 | |||
Oval ID: | oval:org.mitre.oval:def:26875 | ||
Title: | DEPRECATED: SUSE-SU-2014:1017-1 -- Security update for augeas | ||
Description: | Augeas has been updated to fix a symlink overwrite problem. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1017-1 CVE-2012-0786 CVE-2013-6412 | Version: | 4 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | augeas |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26988 | |||
Oval ID: | oval:org.mitre.oval:def:26988 | ||
Title: | DEPRECATED: ELSA-2014-0044 -- augeas security update (moderate) | ||
Description: | [1.0.0-5.1] - Fix CVE-2013-6412, incorrect permissions under strict umask (RHBZ#1036079) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0044 CVE-2013-6412 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | augeas |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-28.nasl - Type : ACT_GATHER_INFO |
2014-08-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_augeas-140730.nasl - Type : ACT_GATHER_INFO |
2014-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2014-2445.nasl - Type : ACT_GATHER_INFO |
2014-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2014-2452.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-286.nasl - Type : ACT_GATHER_INFO |
2014-01-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-022.nasl - Type : ACT_GATHER_INFO |
2014-01-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140120_augeas_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0044.nasl - Type : ACT_GATHER_INFO |
2014-01-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0044.nasl - Type : ACT_GATHER_INFO |
2014-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0044.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:28:08 |
|
2021-04-22 01:33:56 |
|
2020-05-23 00:38:40 |
|
2016-04-26 23:46:23 |
|
2015-03-27 13:27:57 |
|
2014-08-15 13:27:43 |
|
2014-03-18 13:21:30 |
|
2014-02-17 11:24:10 |
|
2014-01-30 13:20:38 |
|
2014-01-23 21:21:13 |
|
2014-01-23 13:19:10 |
|