Lucene search

K

[email protected]NVD:CVE-2012-1054

HistoryMay 29, 2012 - 8:55 p.m.

CVE-2012-1054

2012-05-2920:55:07

CWE-264

[email protected]

web.nvd.nist.gov

7

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

Low

EPSS

0

Percentile

10.1%

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.

Affected configurations

Nvd

Node

puppetpuppetMatch2.6.0

OR

puppetpuppetMatch2.6.1

OR

puppetpuppetMatch2.6.2

OR

puppetpuppetMatch2.6.3

OR

puppetpuppetMatch2.6.4

OR

puppetpuppetMatch2.6.5

OR

puppetpuppetMatch2.6.6

OR

puppetpuppetMatch2.6.7

OR

puppetpuppetMatch2.6.8

OR

puppetpuppetMatch2.6.9

OR

puppetpuppetMatch2.6.10

OR

puppetpuppetMatch2.6.11

OR

puppetpuppetMatch2.6.12

OR

puppetpuppetMatch2.6.13

Node

puppetpuppetMatch2.7.2

OR

puppetpuppetMatch2.7.3

OR

puppetpuppetMatch2.7.4

OR

puppetpuppetMatch2.7.5

OR

puppetpuppetMatch2.7.6

OR

puppetpuppetMatch2.7.7

OR

puppetpuppetMatch2.7.8

OR

puppetpuppetMatch2.7.9

OR

puppetpuppetMatch2.7.10

OR

puppetlabspuppetMatch2.7.0

OR

puppetlabspuppetMatch2.7.1

Node

puppetpuppet_enterpriseMatch1.2.0

OR

puppetpuppet_enterpriseMatch1.2.1

OR

puppetpuppet_enterpriseMatch1.2.2

OR

puppetpuppet_enterpriseMatch1.2.3

OR

puppetpuppet_enterpriseMatch1.2.4

OR

puppetpuppet_enterpriseMatch2.0.0

OR

puppetpuppet_enterpriseMatch2.0.1

OR

puppetpuppet_enterpriseMatch2.0.2

OR

puppetlabspuppet_enterprise_usersMatch1.0

OR

puppetlabspuppet_enterprise_usersMatch1.1

References

lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html

projects.puppetlabs.com/issues/12460

projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14

puppetlabs.com/security/cve/cve-2012-1054/

secunia.com/advisories/48157

secunia.com/advisories/48161

secunia.com/advisories/48166

secunia.com/advisories/48290

ubuntu.com/usn/usn-1372-1

www.debian.org/security/2012/dsa-2419

www.osvdb.org/79496

www.securityfocus.com/bid/52158

exchange.xforce.ibmcloud.com/vulnerabilities/73446

hermes.opensuse.org/messages/15087408

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

Low

EPSS

0

Percentile

10.1%

Related for NVD:CVE-2012-1054

ubuntucve1 debiancve1 cvelist1 prion1 cve1 openvas20 nessus9 fedora6 osv1 debian2 ubuntu1 securityvulns2 amazon1 suse1 gentoo1