Lucene search

K
nvd[email protected]NVD:CVE-2011-3869
HistoryOct 27, 2011 - 8:55 p.m.

CVE-2011-3869

2011-10-2720:55:01
CWE-59
web.nvd.nist.gov

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

AI Score

6

Confidence

Low

EPSS

0

Percentile

5.1%

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.

Affected configurations

NVD
Node
puppetpuppetMatch2.6.0
OR
puppetpuppetMatch2.6.1
OR
puppetpuppetMatch2.6.2
OR
puppetpuppetMatch2.6.3
OR
puppetpuppetMatch2.6.4
OR
puppetpuppetMatch2.6.5
OR
puppetpuppetMatch2.6.6
OR
puppetpuppetMatch2.6.7
OR
puppetpuppetMatch2.6.8
OR
puppetpuppetMatch2.6.9
OR
puppetpuppetMatch2.6.10
OR
puppetpuppetMatch2.7.2
OR
puppetpuppetMatch2.7.3
OR
puppetpuppetMatch2.7.4
OR
puppetlabspuppetMatch2.7.0
OR
puppetlabspuppetMatch2.7.1
Node
puppetpuppetMatch0.25.0
OR
puppetpuppetMatch0.25.1
OR
puppetpuppetMatch0.25.2
OR
puppetpuppetMatch0.25.3
OR
puppetpuppetMatch0.25.4
OR
puppetpuppetMatch0.25.5
OR
puppetpuppetMatch0.25.6

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

AI Score

6

Confidence

Low

EPSS

0

Percentile

5.1%