Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0058)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0058

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0058)

Resumen: The remote host is missing an update for the 'augeas' package(s) announced via the MGASA-2014-0058 advisory.

Descripción: Summary:
The remote host is missing an update for the 'augeas' package(s) announced via the MGASA-2014-0058 advisory.

Vulnerability Insight:
Multiple flaws were found in the way Augeas handled configuration files
when updating them. An application using Augeas to update configuration
files in a directory that is writable to by a different user (for example,
an application running as root that is updating files in a directory owned
by a non-root service user) could have been tricked into overwriting
arbitrary files or leaking information via a symbolic link or mount point
attack (CVE-2012-0786, CVE-2012-0787).

A flaw was found in the way Augeas handled certain umask settings when
creating new configuration files. This flaw could result in configuration
files being created as world writable, allowing unprivileged local users to
modify their content (CVE-2013-6412).

Affected Software/OS:
'augeas' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0786
RedHat Security Advisories: RHSA-2013:1537
http://rhn.redhat.com/errata/RHSA-2013-1537.html
http://secunia.com/advisories/55811
Common Vulnerability Exposure (CVE) ID: CVE-2012-0787
Common Vulnerability Exposure (CVE) ID: CVE-2013-6412
RHSA-2014:0044
http://rhn.redhat.com/errata/RHSA-2014-0044.html
https://bugzilla.redhat.com/show_bug.cgi?id=1034261
https://github.com/hercules-team/augeas/commit/f5b4fc0c
https://github.com/hercules-team/augeas/pull/58

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0058
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0058)
Resumen:	The remote host is missing an update for the 'augeas' package(s) announced via the MGASA-2014-0058 advisory.
Descripción:	Summary: The remote host is missing an update for the 'augeas' package(s) announced via the MGASA-2014-0058 advisory. Vulnerability Insight: Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack (CVE-2012-0786, CVE-2012-0787). A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content (CVE-2013-6412). Affected Software/OS: 'augeas' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0786 RedHat Security Advisories: RHSA-2013:1537 http://rhn.redhat.com/errata/RHSA-2013-1537.html http://secunia.com/advisories/55811 Common Vulnerability Exposure (CVE) ID: CVE-2012-0787 Common Vulnerability Exposure (CVE) ID: CVE-2013-6412 RHSA-2014:0044 http://rhn.redhat.com/errata/RHSA-2014-0044.html https://bugzilla.redhat.com/show_bug.cgi?id=1034261 https://github.com/hercules-team/augeas/commit/f5b4fc0c https://github.com/hercules-team/augeas/pull/58
Copyright	Copyright (C) 2022 Greenbone AG