Lucene search

K

GoogleOSV:GHSA-77HG-G8CC-5R37

HistoryMay 14, 2022 - 12:56 a.m.

Puppet Privilege Escallation

2022-05-1400:56:44

Google

osv.dev

9

puppet

privilege escalation

suidmanager

puppet 2.6.x

puppet 2.7.x

puppet enterprise

pe users

EPSS

0

Percentile

10.1%

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

References

exchange.xforce.ibmcloud.com/vulnerabilities/73445

github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36

nvd.nist.gov/vuln/detail/CVE-2012-1053

ubuntu.com/usn/usn-1372-1

web.archive.org/web/20120504011717/puppetlabs.com/security/cve/cve-2012-1053

web.archive.org/web/20120513215447/projects.puppetlabs.com/issues/12458

web.archive.org/web/20120513215653/projects.puppetlabs.com/issues/12457

web.archive.org/web/20120513223437/projects.puppetlabs.com/issues/12459

web.archive.org/web/20120527071855/www.securityfocus.com/bid/52158

web.archive.org/web/20120816020421/projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14

www.debian.org/security/2012/dsa-2419

EPSS

0

Percentile

10.1%

Related for OSV:GHSA-77HG-G8CC-5R37

debiancve1 ubuntucve1 nvd1 prion1 rubygems1 cvelist1 cve1 github1 openvas20 nessus9 osv1 ubuntu1 debian2 amazon1 securityvulns2 suse1 fedora6 gentoo1