The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a 7, which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Augeas | Augeas | 1.0.0 (including) | 1.0.0 (including) |
| Augeas | Augeas | 1.1.0 (including) | 1.1.0 (including) |
| Red Hat Enterprise Linux 6 | RedHat | augeas-0:1.0.0-5.el6_5.1 | * |
| Augeas | Ubuntu | lucid | * |
| Augeas | Ubuntu | precise | * |
| Augeas | Ubuntu | raring | * |
| Augeas | Ubuntu | saucy | * |
| Augeas | Ubuntu | upstream | * |
References
- http://rhn.redhat.com/errata/RHSA-2014-0044.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1034261
- https://github.com/hercules-team/augeas/commit/f5b4fc0c
- https://github.com/hercules-team/augeas/pull/58
- http://rhn.redhat.com/errata/RHSA-2014-0044.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1034261
- https://github.com/hercules-team/augeas/commit/f5b4fc0c
- https://github.com/hercules-team/augeas/pull/58