World-writable permissions vulnerability in Augeas transform_save function

World-writable permissions vulnerability in Augeas transform_save function

CVE-2013-6412 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.

Learn more about our User Device Pen Test.