Lucene search

[email protected]NVD:CVE-2012-1906

HistoryMay 29, 2012 - 8:55 p.m.

CVE-2012-1906

2012-05-2920:55:07

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.

Affected configurations

Nvd

Node

puppetpuppetMatch2.6.0

puppetpuppetMatch2.6.1

puppetpuppetMatch2.6.2

puppetpuppetMatch2.6.3

puppetpuppetMatch2.6.4

puppetpuppetMatch2.6.5

puppetpuppetMatch2.6.6

puppetpuppetMatch2.6.7

puppetpuppetMatch2.6.8

puppetpuppetMatch2.6.9

puppetpuppetMatch2.6.10

puppetpuppetMatch2.6.11

puppetpuppetMatch2.6.12

puppetpuppetMatch2.6.13

puppetpuppetMatch2.6.14

Node

puppetpuppetMatch2.7.2

puppetpuppetMatch2.7.3

puppetpuppetMatch2.7.4

puppetpuppetMatch2.7.5

puppetpuppetMatch2.7.6

puppetpuppetMatch2.7.7

puppetpuppetMatch2.7.8

puppetpuppetMatch2.7.9

puppetpuppetMatch2.7.10

puppetpuppetMatch2.7.11

puppetpuppet_enterpriseMatch2.5.0

puppetlabspuppetMatch2.7.0

puppetlabspuppetMatch2.7.1

Node

puppetpuppet_enterpriseMatch1.2.0

puppetpuppet_enterpriseMatch1.2.1

puppetpuppet_enterpriseMatch1.2.2

puppetpuppet_enterpriseMatch1.2.3

puppetpuppet_enterpriseMatch1.2.4

puppetpuppet_enterpriseMatch2.0.0

puppetpuppet_enterpriseMatch2.0.1

puppetpuppet_enterpriseMatch2.0.2

puppetlabspuppet_enterprise_usersMatch1.0

puppetlabspuppet_enterprise_usersMatch1.1

VendorProductVersionCPE
puppetpuppet2.6.0cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
puppetpuppet2.6.1cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
puppetpuppet2.6.2cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
puppetpuppet2.6.3cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
puppetpuppet2.6.4cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
puppetpuppet2.6.5cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
puppetpuppet2.6.6cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
puppetpuppet2.6.7cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
puppetpuppet2.6.8cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
puppetpuppet2.6.9cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
puppet	puppet	2.6.0	cpe:2.3:a:puppet:puppet:2.6.0:::::::*
puppet	puppet	2.6.1	cpe:2.3:a:puppet:puppet:2.6.1:::::::*
puppet	puppet	2.6.2	cpe:2.3:a:puppet:puppet:2.6.2:::::::*
puppet	puppet	2.6.3	cpe:2.3:a:puppet:puppet:2.6.3:::::::*
puppet	puppet	2.6.4	cpe:2.3:a:puppet:puppet:2.6.4:::::::*
puppet	puppet	2.6.5	cpe:2.3:a:puppet:puppet:2.6.5:::::::*
puppet	puppet	2.6.6	cpe:2.3:a:puppet:puppet:2.6.6:::::::*
puppet	puppet	2.6.7	cpe:2.3:a:puppet:puppet:2.6.7:::::::*
puppet	puppet	2.6.8	cpe:2.3:a:puppet:puppet:2.6.8:::::::*
puppet	puppet	2.6.9	cpe:2.3:a:puppet:puppet:2.6.9:::::::*