Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 01:31
Type | Values Removed | Values Added |
---|---|---|
References | () http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb - Patch | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html - Patch | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html - Patch | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html - Patch | |
References | () http://secunia.com/advisories/46458 - Vendor Advisory | |
References | () http://www.debian.org/security/2011/dsa-2314 - | |
References | () http://www.ubuntu.com/usn/USN-1223-1 - | |
References | () http://www.ubuntu.com/usn/USN-1223-2 - | |
References | () https://puppet.com/security/cve/cve-2011-3870 - |
Information
Published : 2011-10-27 20:55
Updated : 2024-11-21 01:31
NVD link : CVE-2011-3870
Mitre link : CVE-2011-3870
CVE.ORG link : CVE-2011-3870
JSON object : View
Products Affected
puppetlabs
- puppet
puppet
- puppet
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')