Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-3564HistoryOct 06, 2009 - 5:30 p.m.
CVE-2009-3564
2009-10-0617:30:00
Debian Security Bug Tracker
security-tracker.debian.org
6
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | puppet | < 0.25.1-3 | puppet_0.25.1-3_all.deb |
| Debian | 10 | all | puppet | < 0.25.1-3 | puppet_0.25.1-3_all.deb |
Related
cve
cve
CVE-2009-3564
2009-10-06 17:30:00
prion
prion
Design/Logic Flaw
2009-10-06 17:30:00
ubuntucve
ubuntucve
CVE-2009-3564
2009-10-06 00:00:00
securityvulns
securityvulns
puppet privilege escalation
2010-03-25 00:00:00
[USN-917-1] Puppet vulnerabilities
2010-03-25 00:00:00
openvas
openvas
Ubuntu Update for puppet vulnerabilities USN-917-1
2010-03-31 00:00:00
Ubuntu Update for puppet vulnerabilities USN-917-1
2010-03-31 00:00:00
Gentoo Security Advisory GLSA 201203-03 (puppet)
2012-03-12 00:00:00
ubuntu
ubuntu
Puppet vulnerabilities
2010-03-24 00:00:00
nessus
nessus
Ubuntu 9.10 : puppet vulnerabilities (USN-917-1)
2010-03-25 00:00:00
GLSA-201203-03 : Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
gentoo
gentoo
Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
Related for DEBIANCVE:CVE-2009-3564