16 matches found
SUSE CVE-2013-4969
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise PE before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files...
Mageia: Security Advisory (MGASA-2014-0084)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-RU-2015:0696-1 Security update for puppet
Puppet was updated to fix the following security issues: Unsafe use of temporary files. CVE-2013-4969 Arbitrary code execution with required social engineering. CVE-2014-3248, CVE-2014-3250 Security Issues references: CVE-2014-3248 CVE-2013-4969 CVE-2014-3250...
Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities
According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities : - An input validation error exists related to the included Ruby version, handling string to floating point...
MGASA-2014-0084 Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression
Updated puppet and puppet3 packages fix security vulnerability: An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system CVE-2013-4969. This update also...
Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression
Updated puppet and puppet3 packages fix security vulnerability: An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system CVE-2013-4969. This update also...
Amazon Linux AMI : puppet (ALAS-2014-288)
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise PE before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
Low: puppet
Issue Overview: Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise PE before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. Affected Packages: puppet Issue Correction: Run yum update puppet or yum update --advisory...
Fedora Update for puppet FEDORA-2014-0850
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 19 : puppet-3.4.2-1.fc19 (2014-0850)
Update to 3.4.2 to mitigate CVE-2013-4969 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...
Fedora 20 : puppet-3.4.2-1.fc20 (2014-0825)
Update to 3.4.2 to mitigate CVE-2013-4969 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...
CVE-2013-4969
CVE-2013-4969 affects Puppet before 3.3.3 and 3.4 before 3.4.1, and Puppet Enterprise before 2.8.4 and 3.1 before 3.1.1, allowing local users to overwrite arbitrary files via a symlink attack. Connected advisories indicate fixes with Puppet packages updated to 2.7.25 (e.g., Mageia MDVSA-2014:040 ...
Debian DSA-2831-1 : puppet - insecure temporary files
An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
[SECURITY] [DSA 2831-1] puppet security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2831-1 [email protected] http://www.debian.org/security/ Luciano Bello December 31, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)
An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. OpenVAS Vulnerability Test $Id: deb2831.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated fr...
Puppet/Puppet Enterprise不安全临时文件符号链接攻击漏洞
CVE ID:CVE-2013-4969 puppet是一款Linux、Unix、windows平台的集中配置管理系统。 Puppet和Puppet Enterprise使用不安全的临时文件,允许本地攻击者使用符号链接攻击覆盖系统任意文件。 0 Puppet 3.3.2 Puppet 3.4.0 Puppet 2.8.3 Puppet 3.1.0 puppet 2.8.4和3.1.1, puppet 3.3.3和3.4.1已经修复该漏洞,建议用户下载更新: http://puppetlabs.com/...