VIR Vulnerability Intelligence Relay

CVE-2012-0786

low
Published 2013-11-23 · Modified 2026-04-29
CVSS v3
CVSS v2
3.3
VIR risk
3.3

Description

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-0786

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/55811

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://augeas.net/news.html

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1.0.0-1
debian debianbullseyefixed1.0.0-1
debian debianforkyfixed1.0.0-1
debian debiansidfixed1.0.0-1
debian debiantrixiefixed1.0.0-1

Application impact
VendorProductVersionsFixed
augeasaugeas{"endIncluding":"0.10.0"}
augeasaugeas0.0.1
augeasaugeas0.0.2
augeasaugeas0.0.3
augeasaugeas0.0.4
augeasaugeas0.0.5
augeasaugeas0.0.6
augeasaugeas0.0.7
augeasaugeas0.0.8
augeasaugeas0.1.0
augeasaugeas0.1.1
augeasaugeas0.2.0
augeasaugeas0.2.1
augeasaugeas0.2.2
augeasaugeas0.3.0
augeasaugeas0.3.1
augeasaugeas0.3.2
augeasaugeas0.3.3
augeasaugeas0.3.4
augeasaugeas0.3.5
augeasaugeas0.3.6
augeasaugeas0.4.0
augeasaugeas0.4.1
augeasaugeas0.4.2
augeasaugeas0.5.0
augeasaugeas0.5.1
augeasaugeas0.5.2
augeasaugeas0.5.3
augeasaugeas0.6.0
augeasaugeas0.7.0
augeasaugeas0.7.1
augeasaugeas0.7.2
augeasaugeas0.7.3
augeasaugeas0.7.4
augeasaugeas0.8.0
augeasaugeas0.8.1
augeasaugeas0.9.0

References

CWEs

CWE-59

Verify integrity in audit chain (admin only). AS-IS.