关键漏洞信息 漏洞概要 CVE ID: CVE-2013-6412 Bugzilla ID: 1034261 Vulnerability: Incorrect permissions set on newly created files in augeas Status: CLOSED ERRATA 影响的产品和环境 Product: Security Response Component: vulnerability OS: Linux Priority and Severity: Medium 报告和修复详情 Reported Date: 2013-11-25 Modified Date: 2023-05-12 Last Closed: 2021-10-20 Fix: Committed upstream with changes to augeas code. 漏洞详情 Summary: Commit introduced a flaw in setting permissions for newly created files in augeas, resulting in files being world-writable. Impact: Local users could potentially use this to modify configuration files created by applications using augeas. 相关CVEs CVE-2012-0786: Fix for this issue introduced a new flaw. 解决方案和补丁 Patch Submission: Patch submitted for review and merged upstream. RHSA: RHSA-2014:0044 Fedora and EPEL Updates: Fixes pushed to various Fedora and EPEL repositories. 发现者 Discoverer: Red Hat Security Response Team