Lucene search
DebianDEBIAN:BSA-065:5B213HistoryMar 21, 2012 - 3:12 p.m.
[BSA-065] Security Update for puppet
2012-03-2115:12:26
lists.debian.org
15
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
10.1%
Micah Anderson uploaded new packages for puppet which fixed the
following security problems: CVE-2012-1053 and CVE-2012-1054
CVE-2012-1053
Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation.
CVE-2012-1054
The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.
For the squeeze-backports distribution the problems have been fixed in
version 2.7.11-1~bpo60+1.
–
Attachment:
pgp54KwCi3Nba.pgp
Description: PGP signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | puppet-el | < 2.6.2-5+squeeze4 | puppet-el_2.6.2-5+squeeze4_all.deb |
| Debian | 6 | all | puppet | < 2.6.2-5+squeeze4 | puppet_2.6.2-5+squeeze4_all.deb |
| Debian | 6 | all | puppetmaster | < 2.6.2-5+squeeze4 | puppetmaster_2.6.2-5+squeeze4_all.deb |
| Debian | 6 | all | puppet-common | < 2.6.2-5+squeeze4 | puppet-common_2.6.2-5+squeeze4_all.deb |
| Debian | 6 | all | vim-puppet | < 2.6.2-5+squeeze4 | vim-puppet_2.6.2-5+squeeze4_all.deb |
| Debian | 6 | all | puppet-testsuite | < 2.6.2-5+squeeze4 | puppet-testsuite_2.6.2-5+squeeze4_all.deb |
Related
nessus
nessus
SuSE 11.1 Security Update : puppet (SAT Patch Number 5876)
2012-03-05 00:00:00
Debian DSA-2419-1 : puppet - several vulnerabilities
2012-02-28 00:00:00
Fedora 16 : puppet-2.6.14-1.fc16 (2012-2415)
2012-03-12 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: puppet-2.6.14-1.fc17
2012-03-11 17:02:10
[SECURITY] Fedora 16 Update: puppet-2.6.14-1.fc16
2012-03-10 21:52:57
[SECURITY] Fedora 16 Update: puppet-2.6.16-1.fc16
2012-04-27 05:51:26
openvas
openvas
Fedora Update for puppet FEDORA-2012-2325
2012-08-30 00:00:00
Ubuntu Update for puppet USN-1372-1
2012-03-09 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-53)
2015-09-08 00:00:00
osv
osv
puppet - several
2012-02-27 00:00:00
Puppet Privilege Escallation
2022-05-14 00:56:44
ubuntu
ubuntu
Puppet vulnerabilities
2012-02-23 00:00:00
debian
debian
[SECURITY] [DSA 2419-1] puppet security update
2012-02-27 19:46:42
amazon
amazon
Medium: puppet
2012-03-15 19:11:00
suse
suse
Security update for puppet (important)
2012-03-06 22:08:33
securityvulns
securityvulns
[SECURITY] [DSA 2419-1] puppet security update
2012-03-09 00:00:00
Puppet security vulnerabilities
2012-03-09 00:00:00
ubuntucve
ubuntucve
CVE-2012-1054
2012-02-23 00:00:00
CVE-2012-1053
2012-02-23 00:00:00
debiancve
debiancve
CVE-2012-1054
2012-05-29 20:55:07
CVE-2012-1053
2012-05-29 20:55:07
prion
prion
Design/Logic Flaw
2012-05-29 20:55:00
Design/Logic Flaw
2012-05-29 20:55:00
cvelist
cvelist
CVE-2012-1054
2012-05-29 20:00:00
CVE-2012-1053
2012-05-29 20:00:00
nvd
nvd
CVE-2012-1054
2012-05-29 20:55:07
CVE-2012-1053
2012-05-29 20:55:07
cve
cve
CVE-2012-1054
2012-05-29 20:55:07
CVE-2012-1053
2012-05-29 20:55:07
rubygems
rubygems
Puppet Privilege Escallation
2012-05-28 20:00:00
github
github
Puppet Privilege Escallation
2022-05-14 00:56:44
gentoo
gentoo
Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
10.1%
Related for DEBIAN:BSA-065:5B213