PT-2014-1856 · Augeas+4

Domcleal · Published 2014-01-20 · Updated 2014-02-24 · CVE-2013-6412

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Augeas versions 1.0.0 through 1.1.0

Description

The issue is in the transform_save function in transform.c, which does not properly calculate permission values when the umask contains a "7". As a result, new files are created with world-writable permissions, allowing local users to modify them. Exploitation can lead to a violation of the confidentiality, integrity, and availability of protected information. The issue is exploitable locally.

Recommendations

For Augeas versions 1.0.0 through 1.1.0, consider updating to a version in which the transform_save function calculates permission values correctly. As a temporary workaround, restrict access to files created by transform_save to minimize the risk of exploitation. Avoid using a umask containing "7" with the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
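
Why a "7" in the umask matters, as an added example (not Augeas source code): it assumes the faulty calculation subtracted the umask from 0666 instead of masking with it, a detail this page does not state. Function names and sample umasks are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define BASE_MODE 0666  /* default mode requested for a new regular file */

/* Assumed faulty calculation: arithmetic subtraction borrows across octal
 * digits, so a digit larger than 6 in the umask corrupts the result. */
static mode_t mode_by_subtraction(mode_t mask) {
    return (mode_t)((BASE_MODE - mask) & 07777);
}

/* Correct calculation: clear exactly the bits that are set in the umask. */
static mode_t mode_by_masking(mode_t mask) {
    return (mode_t)(BASE_MODE & ~mask);
}

/* 1 when subtraction grants "other" write although the umask forbids it. */
static int leaks_world_write(mode_t mask) {
    return (mask & S_IWOTH) && (mode_by_subtraction(mask) & S_IWOTH);
}

/* Number of umasks in 0000..0777 for which the subtraction leaks. */
static int count_leaking_umasks(void) {
    int n = 0;
    for (mode_t m = 0; m <= 0777; m++)
        n += leaks_world_write(m);
    return n;
}

int main(void) {
    /* Constructed sample umasks: one common default, three containing a 7. */
    const mode_t samples[] = { 0022, 0027, 0077, 0007 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        mode_t m = samples[i];
        printf("umask %04o: subtract -> %04o, mask -> %04o%s\n",
               (unsigned)m, (unsigned)mode_by_subtraction(m),
               (unsigned)mode_by_masking(m),
               leaks_world_write(m) ? "  [world-writable]" : "");
    }
    printf("%d of 512 umasks leak world write under subtraction\n",
           count_leaking_umasks());
    return 0;
}
```

With the common umask 0022 both calculations agree, which is why the defect only shows up on hosts that use a stricter umask.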

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1235
BDU:2015-06702
BDU:2015-06703
BDU:2015-06704
BDU:2015-06705
BDU:2015-09069
BDU:2015-09070
BDU:2015-09071
BDU:2015-09072
CESA-2014_0044
CVE-2013-6412
DLA-28-1
MGASA-2014-0058
RHSA-2014:0044
RHSA-2014_0044

Affected Products

ALT Linux
Augeas
CentOS
Red Hat
SUSE