Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Augeas ‘clone_file’函数安全漏洞
Vulnerability Description
Augeas是一套用于管理配置文件的工具。该工具通过树形结构来配置修改相应的配置文件,且拥有一个API接口供其他程序调用。 Augeas 1.0.0之前的版本中的transfer.c文件中的‘clone_file’函数中存在安全漏洞,该漏洞源于程序以不安全的权限创建‘.augsave’文件。本地攻击者可通过符号链接攻击利用该漏洞覆盖任意文件并获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A