Lucene search

K
nvd[email protected]NVD:CVE-2011-3870
HistoryOct 27, 2011 - 8:55 p.m.

CVE-2011-3870

2011-10-2720:55:01
CWE-59
web.nvd.nist.gov

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

AI Score

6

Confidence

Low

EPSS

0

Percentile

5.1%

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.

Affected configurations

NVD
Node
puppetpuppetMatch2.6.0
OR
puppetpuppetMatch2.6.1
OR
puppetpuppetMatch2.6.2
OR
puppetpuppetMatch2.6.3
OR
puppetpuppetMatch2.6.4
OR
puppetpuppetMatch2.6.5
OR
puppetpuppetMatch2.6.6
OR
puppetpuppetMatch2.6.7
OR
puppetpuppetMatch2.6.8
OR
puppetpuppetMatch2.6.9
OR
puppetpuppetMatch2.6.10
OR
puppetpuppetMatch2.7.2
OR
puppetpuppetMatch2.7.3
OR
puppetpuppetMatch2.7.4
OR
puppetlabspuppetMatch2.7.0
OR
puppetlabspuppetMatch2.7.1
Node
puppetpuppetMatch0.25.0
OR
puppetpuppetMatch0.25.1
OR
puppetpuppetMatch0.25.2
OR
puppetpuppetMatch0.25.3
OR
puppetpuppetMatch0.25.4
OR
puppetpuppetMatch0.25.5
OR
puppetpuppetMatch0.25.6

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

AI Score

6

Confidence

Low

EPSS

0

Percentile

5.1%