MiracleLinux 4 : augeas-1.0.0-5.AXS4.1 (AXSA:2014-034:01)

medium Nessus Plugin ID 289485

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-034:01 advisory.

A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its public API. Changes made through the API are written back to the initially read files.
The transformation works very hard to preserve comments and formatting details. It is controlled by "lens" definitions that describe the file format and the transformation into a tree.

Security issues fixed with this release:

CVE-2012-0786 The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.

CVE-2012-0787 The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.

CVE-2013-6412 The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a 7, which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.

Fixed bugs:

Previously, Augeas could not parse files containing single quotes with the XML lens. This has been fixed: single quotes are now handled like valid characters.

Previously, Augeas could not set up the require_ssl_reuse option in the vsftpd.conf file. This has been fixed.

The XML lens now supports non-Unix line endings (CRLF line endings).

Augeas can now parse modprobe.conf files containing spaces around = characters in option directives.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected augeas-libs package.

See Also

https://tsn.miraclelinux.com/en/node/4493

Plugin Details

Severity: Medium

ID: 289485

File Name: miracle_linux_AXSA-2014-034.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-6412

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:augeas-libs, cpe:/o:miracle:linux:4

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/18/2014

Vulnerability Publication Date: 7/19/2012

Reference Information

CVE: CVE-2012-0786, CVE-2012-0787, CVE-2013-6412