Vulnerability Details CVE-2013-6412
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v2 Score 4.6
References
- http://rhn.redhat.com/errata/RHSA-2014-0044.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1034261
- https://github.com/hercules-team/augeas/commit/f5b4fc0c
- https://github.com/hercules-team/augeas/pull/58
- http://rhn.redhat.com/errata/RHSA-2014-0044.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1034261
- https://github.com/hercules-team/augeas/commit/f5b4fc0c
- https://github.com/hercules-team/augeas/pull/58