Lucene search

K

Ubuntu.comUB:CVE-2011-3870

HistoryOct 01, 2011 - 12:00 a.m.

CVE-2011-3870

2011-10-0100:00:00

ubuntu.com

ubuntu.com

15

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

EPSS

0

Percentile

5.1%

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local
users to modify the permissions of arbitrary files via a symlink attack on
the SSH authorized_keys file.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchpuppet< 0.25.4-2ubuntu6.3UNKNOWN
ubuntu10.10noarchpuppet< 2.6.1-0ubuntu2.2UNKNOWN
ubuntu11.04noarchpuppet< 2.6.4-2ubuntu2.3UNKNOWN

References

launchpad.net/bugs/cve/CVE-2011-3870

nvd.nist.gov/vuln/detail/CVE-2011-3870

security-tracker.debian.org/tracker/CVE-2011-3870

ubuntu.com/security/notices/USN-1223-1

www.cve.org/CVERecord?id=CVE-2011-3870

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

EPSS

0

Percentile

5.1%

Related for UB:CVE-2011-3870

prion1 cvelist1 rubygems1 github1 cve1 debiancve1 nvd1 osv2 nessus11 openvas23 fedora7 amazon1 ubuntu2 securityvulns2 debian2 gentoo1