Lucene search
UbuntuUSN-2077-1HistoryJan 06, 2014 - 12:00 a.m.
Puppet vulnerability
2014-01-0600:00:00
ubuntu.com
44
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Releases
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04
Packages
- puppet - Centralized configuration management
Details
It was discovered that Puppet incorrectly handled temporary files. A local
attacker could possibly use this issue to overwrite arbitrary files. In the
default installation of Ubuntu, this should be prevented by the Yama link
restrictions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 13.10 | noarch | puppet-common | < 3.2.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | puppet | < 3.2.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | puppet-el | < 3.2.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | puppet-testsuite | < 3.2.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | puppetmaster | < 3.2.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | puppetmaster-common | < 3.2.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | puppetmaster-passenger | < 3.2.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | vim-puppet | < 3.2.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | puppet-common | < 2.7.18-4ubuntu1.3 | UNKNOWN |
| Ubuntu | 13.04 | noarch | puppet | < 2.7.18-4ubuntu1.3 | UNKNOWN |
References
Related
amazon
amazon
Low: puppet
2014-02-03 15:28:00
nessus
nessus
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : puppet vulnerability (USN-2077-1)
2014-01-07 00:00:00
Debian DSA-2831-1 : puppet - insecure temporary files
2014-01-02 00:00:00
Amazon Linux AMI : puppet (ALAS-2014-288)
2014-02-05 00:00:00
seebug
seebug
Puppet/Puppet Enterprise不安全临时文件符号链接攻击漏洞
2013-12-30 00:00:00
prion
prion
Code injection
2014-01-07 18:55:00
debian
debian
[SECURITY] [DSA 2831-2] puppet regression update
2014-01-17 16:07:16
[SECURITY] [DSA 2831-1] puppet security update
2013-12-31 16:46:11
[SECURITY] [DSA 2831-2] puppet regression update
2014-01-17 16:07:16
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-288)
2015-09-08 00:00:00
Ubuntu Update for puppet USN-2077-1
2014-01-10 00:00:00
Debian: Security Advisory (DSA-2831-1)
2013-12-30 00:00:00
mageia
mageia
Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression
2014-02-20 01:15:34
securityvulns
securityvulns
puppet symbolic links vulnerability
2014-01-08 00:00:00
[SECURITY] [DSA 2831-1] puppet security update
2014-01-08 00:00:00
debiancve
debiancve
CVE-2013-4969
2014-01-07 18:55:06
cve
cve
CVE-2013-4969
2014-01-07 18:55:06
nvd
nvd
CVE-2013-4969
2014-01-07 18:55:06
fedora
fedora
[SECURITY] Fedora 20 Update: puppet-3.4.2-1.fc20
2014-01-23 11:10:28
[SECURITY] Fedora 19 Update: puppet-3.4.2-1.fc19
2014-01-23 11:13:28
ubuntucve
ubuntucve
CVE-2013-4969
2013-12-26 00:00:00
cvelist
cvelist
CVE-2013-4969
2014-01-07 18:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Related for USN-2077-1