CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
10.1%
Micah Anderson uploaded new packages for puppet which fixed the
following security problems: CVE-2012-1053 and CVE-2012-1054
CVE-2012-1053
Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation.
CVE-2012-1054
The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.
For the squeeze-backports distribution the problems have been fixed in
version 2.7.11-1~bpo60+1.
–
Attachment:
pgp54KwCi3Nba.pgp
Description: PGP signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | puppet-el | < 2.6.2-5+squeeze4 | puppet-el_2.6.2-5+squeeze4_all.deb |
Debian | 6 | all | puppet | < 2.6.2-5+squeeze4 | puppet_2.6.2-5+squeeze4_all.deb |
Debian | 6 | all | puppetmaster | < 2.6.2-5+squeeze4 | puppetmaster_2.6.2-5+squeeze4_all.deb |
Debian | 6 | all | puppet-common | < 2.6.2-5+squeeze4 | puppet-common_2.6.2-5+squeeze4_all.deb |
Debian | 6 | all | vim-puppet | < 2.6.2-5+squeeze4 | vim-puppet_2.6.2-5+squeeze4_all.deb |
Debian | 6 | all | puppet-testsuite | < 2.6.2-5+squeeze4 | puppet-testsuite_2.6.2-5+squeeze4_all.deb |