Lucene search
RubySecRUBY:PUPPET-2012-1989HistoryOct 23, 2017 - 9:00 p.m.
Arbitrary File Write Access in Puppet
2017-10-2321:00:00
RubySec
www.puppet.com
7
CVSS2
3.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise
(PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users
to overwrite arbitrary files via a symlink attack on the
NET::Telnet connection log (/tmp/out.log).
Affected configurations
Node
rubypuppetRange2.5.0–2.5.1
ORrubypuppetRange≤2.7.13
Related
ubuntucve
ubuntucve
CVE-2012-1989
2012-04-11 00:00:00
cvelist
cvelist
CVE-2012-1989
2012-06-27 18:00:00
prion
prion
Code injection
2012-06-27 18:55:00
nvd
nvd
CVE-2012-1989
2012-06-27 18:55:01
debiancve
debiancve
CVE-2012-1989
2012-06-27 18:55:01
osv
osv
Puppet allows local users to overwrite arbitrary files via a symlink attack
2017-10-24 18:33:38
cve
cve
CVE-2012-1989
2012-06-27 18:55:01
github
github
Puppet allows local users to overwrite arbitrary files via a symlink attack
2017-10-24 18:33:38
nessus
nessus
openSUSE Security Update : puppet (openSUSE-SU-2012:0608-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 11.04 / 11.10 : puppet vulnerabilities (USN-1419-1)
2012-04-11 00:00:00
openvas
openvas
FreeBSD Ports: puppet
2012-04-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0771-1)
2021-06-09 00:00:00
Gentoo Security Advisory GLSA 201208-02 (Puppet)
2012-08-30 00:00:00
ubuntu
ubuntu
Puppet vulnerabilities
2012-04-11 00:00:00
freebsd
freebsd
puppet -- Multiple Vulnerabilities
2012-03-26 00:00:00
gentoo
gentoo
Puppet: Multiple vulnerabilities
2012-08-14 00:00:00
CVSS2
3.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
Related for RUBY:PUPPET-2012-1989