Lucene search

MitreCVE-2011-3869

HistoryOct 27, 2011 - 8:55 p.m.

CVE-2011-3869

2011-10-2720:55:01

CWE-59

mitre

web.nvd.nist.gov

puppet

cve-2011-3869

security

nvd

symlink attack

file overwrite

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.

Affected configurations

Nvd

Node

puppetpuppetMatch2.6.0

puppetpuppetMatch2.6.1

puppetpuppetMatch2.6.2

puppetpuppetMatch2.6.3

puppetpuppetMatch2.6.4

puppetpuppetMatch2.6.5

puppetpuppetMatch2.6.6

puppetpuppetMatch2.6.7

puppetpuppetMatch2.6.8

puppetpuppetMatch2.6.9

puppetpuppetMatch2.6.10

puppetpuppetMatch2.7.2

puppetpuppetMatch2.7.3

puppetpuppetMatch2.7.4

puppetlabspuppetMatch2.7.0

puppetlabspuppetMatch2.7.1

Node

puppetpuppetMatch0.25.0

puppetpuppetMatch0.25.1

puppetpuppetMatch0.25.2

puppetpuppetMatch0.25.3

puppetpuppetMatch0.25.4

puppetpuppetMatch0.25.5

puppetpuppetMatch0.25.6

VendorProductVersionCPE
puppetpuppet2.6.0cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
puppetpuppet2.6.1cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
puppetpuppet2.6.2cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
puppetpuppet2.6.3cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
puppetpuppet2.6.4cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
puppetpuppet2.6.5cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
puppetpuppet2.6.6cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
puppetpuppet2.6.7cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
puppetpuppet2.6.8cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
puppetpuppet2.6.9cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
puppet	puppet	2.6.0	cpe:2.3:a:puppet:puppet:2.6.0:::::::*
puppet	puppet	2.6.1	cpe:2.3:a:puppet:puppet:2.6.1:::::::*
puppet	puppet	2.6.2	cpe:2.3:a:puppet:puppet:2.6.2:::::::*
puppet	puppet	2.6.3	cpe:2.3:a:puppet:puppet:2.6.3:::::::*
puppet	puppet	2.6.4	cpe:2.3:a:puppet:puppet:2.6.4:::::::*
puppet	puppet	2.6.5	cpe:2.3:a:puppet:puppet:2.6.5:::::::*
puppet	puppet	2.6.6	cpe:2.3:a:puppet:puppet:2.6.6:::::::*
puppet	puppet	2.6.7	cpe:2.3:a:puppet:puppet:2.6.7:::::::*
puppet	puppet	2.6.8	cpe:2.3:a:puppet:puppet:2.6.8:::::::*
puppet	puppet	2.6.9	cpe:2.3:a:puppet:puppet:2.6.9:::::::*