PT-2013-1514 · Augeas+2

Vincent Danen · Published 2013-11-20 · Updated 2019-04-22 · CVE-2012-0787

CVSS v2.0: 3.7 (Low)

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Augeas versions prior to 1.0.0

Description

The issue allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on certain files when specific save options are in use. It can occur when the copy_if_rename_fails option is set and the rename function returns certain error conditions. The affected files are the .augsave or destination file when using the backup save option, or the .augnew file when using the newfile save option.

Recommendations

For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the clone_file function in transfer.c until a patch is available. Restrict access to the copy_if_rename_fails option to minimize the risk of exploitation. Avoid using the backup save option or the newfile save option with the clone_file function until the issue is resolved.
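A defender-side check for the condition described above, as an added example that is not part of this advisory or of Augeas: it scans Linux mountinfo text for mounts placed on Augeas save targets (.augsave, .augnew, or a caller-supplied list of destination files). The function names, the managed_files parameter and the sample mountinfo lines are assumptions constructed for illustration.

```python
import re

# Suffixes of the backup and newfile save targets named in the advisory.
AUGEAS_SUFFIXES = (".augsave", ".augnew")

def _unescape(field):
    """Decode mountinfo's backslash + three-digit octal escapes (040 is a space)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def find_suspicious_mounts(mountinfo_text, managed_files=()):
    """Return (mount_point, root, source) for every mount sitting on an Augeas
    save target: a *.augsave / *.augnew path, or a path in managed_files."""
    managed = set(managed_files)
    hits = []
    for line in mountinfo_text.splitlines():
        fields = line.split()
        # Layout: id parent maj:min root mount_point opts [optional...] - fstype source superopts
        if "-" not in fields:
            continue
        sep = fields.index("-")
        if sep < 6 or len(fields) < sep + 3:
            continue  # malformed or truncated line
        root, mount_point = _unescape(fields[3]), _unescape(fields[4])
        source = _unescape(fields[sep + 2])
        if mount_point.endswith(AUGEAS_SUFFIXES) or mount_point in managed:
            hits.append((mount_point, root, source))
    return hits

# Constructed sample in /proc/self/mountinfo format (not taken from a real host).
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
41 22 8:1 /srv/data/app.conf /etc/hosts.augsave rw,relatime shared:1 - ext4 /dev/sda1 rw
42 22 8:1 /home/u/my\\040notes /etc/fstab.augnew rw,relatime - ext4 /dev/sda1 rw
43 22 0:45 / /run/user/1000 rw,nosuid,nodev - tmpfs tmpfs rw,size=1024k
44 22 8:1 /tmp/x /etc/sysctl.conf rw,relatime - ext4 /dev/sda1 rw
"""

if __name__ == "__main__":
    # /etc/sysctl.conf stands in for a file the local Augeas run is about to save.
    for mount_point, root, source in find_suspicious_mounts(
            SAMPLE_MOUNTINFO, managed_files=["/etc/sysctl.conf"]):
        print(f"mount on save target {mount_point}: root={root} source={source}")
```

On a Linux host, pass the contents of /proc/self/mountinfo instead of the sample; the root column shows which file a write to the flagged path would reach.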


Related Identifiers

CESA-2013_1537
CVE-2012-0787
DLA-28-1
MGASA-2014-0058
RHSA-2013:1537
RHSA-2013_1537

Affected Products

Augeas
CentOS
Red Hat