The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-11-23 10:55
Updated : 2014-01-23 20:24
NVD link : CVE-2012-0786
Mitre link : CVE-2012-0786
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
augeas
- augeas