Lucene search
HistoryOct 06, 2009 - 5:30 p.m.
CVE-2009-3564
CVSS2
4.7
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
Affected configurations
Node
reductivelabspuppetMatch0.24.6
fedoraprojectfedora
| Vendor | Product | Version | CPE |
|---|---|---|---|
| reductivelabs | puppet | 0.24.6 | cpe:2.3:a:reductivelabs:puppet:0.24.6:*:*:*:*:*:*:* |
| fedoraproject | fedora | * | cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2009-3564
2009-10-06 17:30:00
ubuntucve
ubuntucve
CVE-2009-3564
2009-10-06 00:00:00
cvelist
cvelist
CVE-2009-3564
2009-10-06 17:22:00
prion
prion
Design/Logic Flaw
2009-10-06 17:30:00
debiancve
debiancve
CVE-2009-3564
2009-10-06 17:30:00
securityvulns
securityvulns
puppet privilege escalation
2010-03-25 00:00:00
[USN-917-1] Puppet vulnerabilities
2010-03-25 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-917-1)
2010-03-31 00:00:00
Ubuntu Update for puppet vulnerabilities USN-917-1
2010-03-31 00:00:00
Gentoo Security Advisory GLSA 201203-03 (puppet)
2012-03-12 00:00:00
ubuntu
ubuntu
Puppet vulnerabilities
2010-03-24 00:00:00
nessus
nessus
Ubuntu 9.10 : puppet vulnerabilities (USN-917-1)
2010-03-25 00:00:00
GLSA-201203-03 : Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
gentoo
gentoo
Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
CVSS2
4.7
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2009-3564