9 matches found
SuSE 11 Security Update : puppet (SAT Patch Number 2113)
pupped created temporary files with fixed names. Local attacks could exploit that to install symlinks that overwrite files of the victim. CVE-2010-0156 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...
openSUSE Security Update : puppet (openSUSE-SU-2010:0306-1)
pupped created temporary files with fixed names. Local attacks could exploit that to install symlinks that overwrite files of the victim CVE-2010-0156. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : puppet (openSUSE-SU-2010:0306-1)
pupped created temporary files with fixed names. Local attacks could exploit that to install symlinks that overwrite files of the victim CVE-2010-0156. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
Ubuntu: Security Advisory (USN-917-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[USN-917-1] Puppet vulnerabilities
=========================================================== Ubuntu Security Notice USN-917-1 March 24, 2010 puppet vulnerabilities CVE-2009-3564, CVE-2010-0156 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 This...
Ubuntu 9.10 : puppet vulnerabilities (USN-917-1)
It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. CVE-2009-3564 It was discovered that Puppet did not correctly handle temporary files. ...
USN-917-1: Puppet vulnerabilities
It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. CVE-2009-3564 It was discovered that Puppet did not correctly handle temporary files. ...
Fedora Update for puppet FEDORA-2010-1079
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2010-0156
CVE-2010-0156 : Puppet 0.24.x up to 0.24.9 and 0.25.x up to 0.25.2 is vulnerable to a local symlink attack that lets unprivileged users overwrite arbitrary files via temporary files: /tmp/daemonout, /tmp/puppetdoc.txt, /tmp/puppetdoc.tex, or /tmp/puppetdoc. Root cause: insecure handling of tempor...