Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Augeas transform_save’函数安全漏洞
Vulnerability Description
Augeas是一套用于管理配置文件的工具。该工具通过树形结构来配置修改相应的配置文件,且拥有一个API接口供其他程序调用。 Augeas 1.0.0至1.1.0版本中的transform.c文件中的‘transform_save’函数中存在安全漏洞,该漏洞源于当umask含有一个‘7,’时,程序没有正确计算权限值,造成对所有新文件使用全局可写权限。本地攻击者可利用该漏洞修改这些文件。
CVSS Information
N/A
Vulnerability Type
N/A