CVE-2012-6607

Name of the Vulnerable Software and Affected Versions Augeas versions prior to 1.0.0

Description The issue allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action. This occurs due to a problem in the transform save function in transform.c.

Recommendations For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the transform save function in transform.c to minimize the risk of exploitation.