{"enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2016-09-04T12:36:29"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1054", "CVE-2012-1053"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310864430", "OPENVAS:864430", "OPENVAS:71147", "OPENVAS:136141256231071147", "OPENVAS:1361412562310840907", "OPENVAS:1361412562310120414", "OPENVAS:840907", "OPENVAS:863896", "OPENVAS:1361412562310863896", "OPENVAS:1361412562310864185"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12237", "SECURITYVULNS:DOC:27729"]}, {"type": "ubuntu", "idList": ["USN-1372-1"]}, {"type": "nessus", "idList": ["ALA_ALAS-2012-53.NASL", "DEBIAN_DSA-2419.NASL", "UBUNTU_USN-1372-1.NASL", "FEDORA_2012-2325.NASL", "FEDORA_2012-2367.NASL", "FEDORA_2012-2415.NASL", "SUSE_11_PUPPET-120224.NASL", "OPENSUSE-2012-369.NASL", "GENTOO_GLSA-201203-03.NASL"]}, {"type": "amazon", "idList": ["ALAS-2012-053"]}, {"type": "debian", "idList": ["DEBIAN:BSA-065:5B213", "DEBIAN:DSA-2419-1:38FC3"]}, {"type": "gentoo", "idList": ["GLSA-201203-03"]}], "modified": "2016-09-04T12:36:29"}, "vulnersScore": 6.2}, "reporter": "Suse", "id": "SUSE-SU-2012:0325-1", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "bulletinFamily": "unix", "viewCount": 0, "objectVersion": "1.2", "affectedPackage": [{"packageFilename": "puppet-server-2.6.12-0.12.1.i586.rpm", "packageName": "puppet-server", "arch": "i586", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server for VMware"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.ia64.rpm", "packageName": "puppet-server", "arch": "ia64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.ppc64.rpm", "packageName": "puppet", "arch": "ppc64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.ppc64.rpm", "packageName": "puppet-server", "arch": "ppc64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.x86_64.rpm", "packageName": "puppet", "arch": "x86_64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.x86_64.rpm", "packageName": "puppet", "arch": "x86_64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server for VMware"}, {"packageFilename": "puppet-2.6.12-0.12.1.ppc64.rpm", "packageName": "puppet", "arch": "ppc64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.i586.rpm", "packageName": "puppet", "arch": "i586", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-2.6.12-0.12.1.i586.rpm", "packageName": "puppet", "arch": "i586", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server for VMware"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.x86_64.rpm", "packageName": "puppet-server", "arch": "x86_64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.i586.rpm", "packageName": "puppet-server", "arch": "i586", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-2.6.12-0.12.1.x86_64.rpm", "packageName": "puppet", "arch": "x86_64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.i586.rpm", "packageName": "puppet-server", "arch": "i586", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.s390x.rpm", "packageName": "puppet", "arch": "s390x", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.s390x.rpm", "packageName": "puppet-server", "arch": "s390x", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.x86_64.rpm", "packageName": "puppet", "arch": "x86_64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Desktop"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.x86_64.rpm", "packageName": "puppet-server", "arch": "x86_64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.x86_64.rpm", "packageName": "puppet", "arch": "x86_64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Desktop FOR SP2"}, {"packageFilename": "puppet-2.6.12-0.12.1.ia64.rpm", "packageName": "puppet", "arch": "ia64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-2.6.12-0.12.1.ia64.rpm", "packageName": "puppet", "arch": "ia64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.i586.rpm", "packageName": "puppet", "arch": "i586", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-2.6.12-0.12.1.i586.rpm", "packageName": "puppet", "arch": "i586", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Desktop FOR SP2"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.ia64.rpm", "packageName": "puppet-server", "arch": "ia64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.s390x.rpm", "packageName": "puppet-server", "arch": "s390x", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-2.6.12-0.12.1.s390x.rpm", "packageName": "puppet", "arch": "s390x", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.x86_64.rpm", "packageName": "puppet-server", "arch": "x86_64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server for VMware"}, {"packageFilename": "puppet-server-2.6.12-0.12.1.ppc64.rpm", "packageName": "puppet-server", "arch": "ppc64", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Server FOR SP2"}, {"packageFilename": "puppet-2.6.12-0.12.1.i586.rpm", "packageName": "puppet", "arch": "i586", "operator": "lt", "packageVersion": "2.6.12-0.12.1", "OSVersion": "11.1", "OS": "SUSE Linux Enterprise Desktop"}], "modified": "2012-03-06T22:08:33", "hash": "172446e3aa27ef3d09ecf193154a89fa809d8f55cee09ab82eeecd1c7510f3d9", "published": "2012-03-06T22:08:33", "references": ["http://download.novell.com/patch/finder/?keywords=810c76edc7112af5e466c9d5b28e5aa1", "https://bugzilla.novell.com/747657"], "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "description": "This update of puppet fixes two vulnerabilities that could\n potentially be exploited by local attackers to escalate\n privileges due to improper privilege dropping and file\n handling issues (symlink flaws) in puppet (CVE-2012-1053,\n CVE-2012-1054).\n", "type": "suse", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html", "lastseen": "2016-09-04T12:36:29", "edition": 1, "title": "Security update for puppet (important)"}

{"cve": [{"lastseen": "2019-07-12T12:09:50", "bulletinFamily": "NVD", "description": "Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.", "modified": "2019-07-11T15:09:00", "id": "CVE-2012-1054", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1054", "published": "2012-05-29T20:55:00", "title": "CVE-2012-1054", "type": "cve", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-12T12:09:50", "bulletinFamily": "NVD", "description": "The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.", "modified": "2019-07-11T15:09:00", "id": "CVE-2012-1053", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1053", "published": "2012-05-29T20:55:00", "title": "CVE-2012-1053", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:21:01", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1372-1", "modified": "2017-12-01T00:00:00", "published": "2012-03-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840907", "id": "OPENVAS:840907", "title": "Ubuntu Update for puppet USN-1372-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1372_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for puppet USN-1372-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Puppet did not drop privileges when executing\n commands as different users. If an attacker had control of the execution\n manifests or the executed command, this could be used to execute code with\n elevated group permissions (typically root). (CVE-2012-1053)\n\n It was discovered that Puppet unsafely opened files when the k5login type\n is used to manage files. A local attacker could exploit this to overwrite\n arbitrary files and escalate privileges. (CVE-2012-1054)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1372-1\";\ntag_affected = \"puppet on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1372-1/\");\n script_id(840907);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 18:56:11 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name: \"USN\", value: \"1372-1\");\n script_name(\"Ubuntu Update for puppet USN-1372-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.8\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2419-1.", "modified": "2019-03-18T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:136141256231071147", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071147", "title": "Debian Security Advisory DSA 2419-1 (puppet)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2419_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2419-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71147\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:32:34 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Debian Security Advisory DSA 2419-1 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202419-1\");\n script_tag(name:\"insight\", value:\"Two vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\nCVE-2012-1053\nPuppet runs execs with an unintended group privileges,\npotentially leading to privilege escalation.\n\nCVE-2012-1054\nThe k5login type writes to untrusted locations,\nenabling local users to escalate their privileges\nif the k5login type is used.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to puppet\nannounced via advisory DSA 2419-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:33", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1372-1", "modified": "2019-03-13T00:00:00", "published": "2012-03-09T00:00:00", "id": "OPENVAS:1361412562310840907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840907", "title": "Ubuntu Update for puppet USN-1372-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1372_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1372-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1372-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840907\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 18:56:11 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"USN\", value:\"1372-1\");\n script_name(\"Ubuntu Update for puppet USN-1372-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1372-1\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Puppet did not drop privileges when executing\n commands as different users. If an attacker had control of the execution\n manifests or the executed command, this could be used to execute code with\n elevated group permissions (typically root). (CVE-2012-1053)\n\n It was discovered that Puppet unsafely opened files when the k5login type\n is used to manage files. A local attacker could exploit this to overwrite\n arbitrary files and escalate privileges. (CVE-2012-1054)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.8\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120414", "title": "Amazon Linux Local Check: ALAS-2012-53", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2012-53.nasl 6578 2017-07-06 13:44:33Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120414\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:25:51 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2012-53\");\n script_tag(name:\"insight\", value:\"Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.\");\n script_tag(name:\"solution\", value:\"Run yum update puppet to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-53.html\");\n script_cve_id(\"CVE-2012-1054\", \"CVE-2012-1053\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"puppet-server\", rpm:\"puppet-server~2.6.14~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"puppet-debuginfo\", rpm:\"puppet-debuginfo~2.6.14~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2419-1.", "modified": "2017-07-07T00:00:00", "published": "2012-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71147", "id": "OPENVAS:71147", "title": "Debian Security Advisory DSA 2419-1 (puppet)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2419_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2419-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\nCVE-2012-1053\nPuppet runs execs with an unintended group privileges,\npotentially leading to privilege escalation.\n\nCVE-2012-1054\nThe k5login type writes to untrusted locations,\nenabling local users to escalate their privileges\nif the k5login type is used.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.\n\nWe recommend that you upgrade your puppet packages.\";\ntag_summary = \"The remote host is missing an update to puppet\nannounced via advisory DSA 2419-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202419-1\";\n\nif(description)\n{\n script_id(71147);\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:32:34 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Debian Security Advisory DSA 2419-1 (puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864430", "title": "Fedora Update for puppet FEDORA-2012-2325", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2325\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075087.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864430\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:30 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-2325\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2325\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:01", "bulletinFamily": "scanner", "description": "Check for the Version of puppet", "modified": "2018-01-01T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864430", "id": "OPENVAS:864430", "title": "Fedora Update for puppet FEDORA-2012-2325", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2325\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 17\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075087.html\");\n script_id(864430);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:30 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-2325\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2325\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863896", "title": "Fedora Update for puppet FEDORA-2012-2415", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2415\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075035.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863896\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:30:32 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-2415\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2415\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:58:18", "bulletinFamily": "scanner", "description": "Check for the Version of puppet", "modified": "2018-01-08T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863896", "id": "OPENVAS:863896", "title": "Fedora Update for puppet FEDORA-2012-2415", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2415\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 16\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075035.html\");\n script_id(863896);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:30:32 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-2415\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2415\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:1361412562310864185", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864185", "title": "Fedora Update for puppet FEDORA-2012-5999", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-5999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864185\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:07:55 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-5999\");\n script_name(\"Fedora Update for puppet FEDORA-2012-5999\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.16~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:44", "bulletinFamily": "unix", "description": "Micah Anderson uploaded new packages for puppet which fixed the\nfollowing security problems: CVE-2012-1053 and CVE-2012-1054\n\n CVE-2012-1053\n\n Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation.\n\n CVE-2012-1054\n\n The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 2.7.11-1~bpo60+1.\n\n\n\n-- \n\n", "modified": "2012-03-26T07:46:46", "published": "2012-03-26T07:46:46", "id": "DEBIAN:BSA-065:5B213", "href": "https://lists.debian.org/debian-backports-announce/2012/debian-backports-announce-201203/msg00003.html", "title": "[BSA-065] Security Update for puppet", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-25T02:21:33", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2419-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 27, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-1053 CVE-2012-1054\n\nTwo vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\nCVE-2012-1053\n\tPuppet runs execs with an unintended group privileges,\n\tpotentially leading to privilege escalation.\n\nCVE-2012-1054\n\tThe k5login type writes to untrusted locations,\n\tenabling local users to escalate their privileges\n\tif the k5login type is used.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-02-27T19:47:30", "published": "2012-02-27T19:47:30", "id": "DEBIAN:DSA-2419-1:38FC3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00047.html", "title": "[SECURITY] [DSA 2419-1] puppet security update", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2019-05-29T17:22:40", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nPuppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.\n\nThe change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. \n\n \n**Affected Packages:** \n\n\npuppet\n\n \n**Issue Correction:** \nRun _yum update puppet_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n puppet-server-2.6.14-1.5.amzn1.i686 \n puppet-2.6.14-1.5.amzn1.i686 \n puppet-debuginfo-2.6.14-1.5.amzn1.i686 \n \n src: \n puppet-2.6.14-1.5.amzn1.src \n \n x86_64: \n puppet-server-2.6.14-1.5.amzn1.x86_64 \n puppet-2.6.14-1.5.amzn1.x86_64 \n puppet-debuginfo-2.6.14-1.5.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T15:40:00", "published": "2014-09-14T15:40:00", "id": "ALAS-2012-053", "href": "https://alas.aws.amazon.com/ALAS-2012-53.html", "title": "Medium: puppet", "type": "amazon", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-01T02:27:00", "bulletinFamily": "scanner", "description": "Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2012-2325.NASL", "href": "https://www.tenable.com/plugins/nessus/58305", "published": "2012-03-12T00:00:00", "title": "Fedora 17 : puppet-2.6.14-1.fc17 (2012-2325)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2325.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58305);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"FEDORA\", value:\"2012-2325\");\n\n script_name(english:\"Fedora 17 : puppet-2.6.14-1.fc17 (2012-2325)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791002\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5511994f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"puppet-2.6.14-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:30:34", "bulletinFamily": "scanner", "description": "It was discovered that Puppet did not drop privileges when executing\ncommands as different users. If an attacker had control of the\nexecution manifests or the executed command, this could be used to\nexecute code with elevated group permissions (typically root).\n(CVE-2012-1053)\n\nIt was discovered that Puppet unsafely opened files when the k5login\ntype is used to manage files. A local attacker could exploit this to\noverwrite arbitrary files and escalate privileges. (CVE-2012-1054).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-1372-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58118", "published": "2012-02-24T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : puppet vulnerabilities (USN-1372-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1372-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58118);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_bugtraq_id(52158);\n script_xref(name:\"USN\", value:\"1372-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : puppet vulnerabilities (USN-1372-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Puppet did not drop privileges when executing\ncommands as different users. If an attacker had control of the\nexecution manifests or the executed command, this could be used to\nexecute code with elevated group permissions (typically root).\n(CVE-2012-1053)\n\nIt was discovered that Puppet unsafely opened files when the k5login\ntype is used to manage files. A local attacker could exploit this to\noverwrite arbitrary files and escalate privileges. (CVE-2012-1054).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1372-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"puppet-common\", pkgver:\"2.6.1-0ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"puppet-common\", pkgver:\"2.6.4-2ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"puppet-common\", pkgver:\"2.7.1-1ubuntu3.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:27:00", "bulletinFamily": "scanner", "description": "Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2012-2367.NASL", "href": "https://www.tenable.com/plugins/nessus/58306", "published": "2012-03-12T00:00:00", "title": "Fedora 15 : puppet-2.6.14-1.fc15 (2012-2367)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2367.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58306);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"FEDORA\", value:\"2012-2367\");\n\n script_name(english:\"Fedora 15 : puppet-2.6.14-1.fc15 (2012-2367)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791002\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bee1b063\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"puppet-2.6.14-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:27:00", "bulletinFamily": "scanner", "description": "Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2012-2415.NASL", "href": "https://www.tenable.com/plugins/nessus/58307", "published": "2012-03-12T00:00:00", "title": "Fedora 16 : puppet-2.6.14-1.fc16 (2012-2415)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2415.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58307);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"FEDORA\", value:\"2012-2415\");\n\n script_name(english:\"Fedora 16 : puppet-2.6.14-1.fc16 (2012-2415)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791002\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04337b32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"puppet-2.6.14-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:18:04", "bulletinFamily": "scanner", "description": "This update of puppet fixes two vulnerabilities that could potentially\nbe exploited by local attackers to escalate privileges due to improper\nprivilege dropping and file handling issues (symlink flaws) in puppet.\n(CVE-2012-1053 / CVE-2012-1054)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_PUPPET-120224.NASL", "href": "https://www.tenable.com/plugins/nessus/58203", "published": "2012-03-05T00:00:00", "title": "SuSE 11.1 Security Update : puppet (SAT Patch Number 5876)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58203);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:56:04 $\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n\n script_name(english:\"SuSE 11.1 Security Update : puppet (SAT Patch Number 5876)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of puppet fixes two vulnerabilities that could potentially\nbe exploited by local attackers to escalate privileges due to improper\nprivilege dropping and file handling issues (symlink flaws) in puppet.\n(CVE-2012-1053 / CVE-2012-1054)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1054.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5876.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"puppet-2.6.12-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"puppet-2.6.12-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-2.6.12-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-server-2.6.12-0.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:13:53", "bulletinFamily": "scanner", "description": "Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet\nEnterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when\nmanaging a user login file with the k5login resource type, allows\nlocal users to gain privileges via a symlink attack on .k5login.\n\nThe change_user method in the SUIDManager\n(lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and\n2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x,\n2.0.x before 2.0.3 does not properly manage group privileges, which\nallows local users to gain privileges via vectors related to (1) the\nchange_user not dropping supplementary groups in certain conditions,\n(2) changes to the eguid without associated changes to the egid, or\n(3) the addition of the real gid to supplementary groups.", "modified": "2019-11-02T00:00:00", "id": "ALA_ALAS-2012-53.NASL", "href": "https://www.tenable.com/plugins/nessus/69660", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : puppet (ALAS-2012-53)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-53.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69660);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"ALAS\", value:\"2012-53\");\n\n script_name(english:\"Amazon Linux AMI : puppet (ALAS-2012-53)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet\nEnterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when\nmanaging a user login file with the k5login resource type, allows\nlocal users to gain privileges via a symlink attack on .k5login.\n\nThe change_user method in the SUIDManager\n(lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and\n2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x,\n2.0.x before 2.0.3 does not properly manage group privileges, which\nallows local users to gain privileges via vectors related to (1) the\nchange_user not dropping supplementary groups in certain conditions,\n(2) changes to the eguid without associated changes to the egid, or\n(3) the addition of the real gid to supplementary groups.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-53.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update puppet' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"puppet-2.6.14-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-debuginfo-2.6.14-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-server-2.6.14-1.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-debuginfo / puppet-server\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:21:11", "bulletinFamily": "scanner", "description": "Two vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\n - CVE-2012-1053\n Puppet runs execs with an unintended group privileges,\n potentially leading to privilege escalation.\n\n - CVE-2012-1054\n The k5login type writes to untrusted locations, enabling\n local users to escalate their privileges if the k5login\n type is used.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2419.NASL", "href": "https://www.tenable.com/plugins/nessus/58136", "published": "2012-02-28T00:00:00", "title": "Debian DSA-2419-1 : puppet - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2419. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58136);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_bugtraq_id(52158);\n script_xref(name:\"DSA\", value:\"2419\");\n\n script_name(english:\"Debian DSA-2419-1 : puppet - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\n - CVE-2012-1053\n Puppet runs execs with an unintended group privileges,\n potentially leading to privilege escalation.\n\n - CVE-2012-1054\n The k5login type writes to untrusted locations, enabling\n local users to escalate their privileges if the k5login\n type is used.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2419\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"puppet\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-common\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-el\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-testsuite\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppetmaster\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vim-puppet\", reference:\"2.6.2-5+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:00:30", "bulletinFamily": "scanner", "description": " - Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054: improper\n privilege dropping and file handling flaws This was done\n by updating to the new version in stable branch. The\n stable branch receives only security fixes and this\n update does not provide any new features.\n\n - Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary\n code execution\n\n - Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read\n\n - Fixed bnc#755870 CVE-2012-1987: Denial of Service\n\n - Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2012-369.NASL", "href": "https://www.tenable.com/plugins/nessus/74671", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-369.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74671);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1)\");\n script_summary(english:\"Check for the openSUSE-2012-369 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054: improper\n privilege dropping and file handling flaws This was done\n by updating to the new version in stable branch. The\n stable branch receives only security fixes and this\n update does not provide any new features.\n\n - Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary\n code execution\n\n - Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read\n\n - Fixed bnc#755870 CVE-2012-1987: Denial of Service\n\n - Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-2.6.16-4.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-server-2.6.16-4.23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:40:24", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201203-03\n(Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Puppet. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could gain elevated privileges, or access and modify\n arbitrary files. Furthermore, a remote attacker may be able to spoof a\n Puppet Master or write X.509 Certificate Signing Requests to arbitrary\n locations.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201203-03.NASL", "href": "https://www.tenable.com/plugins/nessus/58213", "published": "2012-03-06T00:00:00", "title": "GLSA-201203-03 : Puppet: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58213);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2009-3564\", \"CVE-2010-0156\", \"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\", \"CVE-2012-1053\", \"CVE-2012-1054\");\n script_bugtraq_id(36628, 38474, 49860, 49909, 50356, 52158);\n script_xref(name:\"GLSA\", value:\"201203-03\");\n\n script_name(english:\"GLSA-201203-03 : Puppet: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-03\n(Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Puppet. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could gain elevated privileges, or access and modify\n arbitrary files. Furthermore, a remote attacker may be able to spoof a\n Puppet Master or write X.509 Certificate Signing Requests to arbitrary\n locations.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Puppet users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.11'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/puppet\", unaffected:make_list(\"ge 2.7.11\"), vulnerable:make_list(\"lt 2.7.11\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2419-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nFebruary 27, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : puppet\r\nVulnerability : several\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2012-1053 CVE-2012-1054\r\n\r\nTwo vulnerabilities were discovered in Puppet, a centralized\r\nconfiguration management tool.\r\n\r\nCVE-2012-1053\r\n Puppet runs execs with an unintended group privileges,\r\n potentially leading to privilege escalation.\r\n\r\nCVE-2012-1054\r\n The k5login type writes to untrusted locations,\r\n enabling local users to escalate their privileges\r\n if the k5login type is used.\r\n\r\nFor the stable distribution &#40;squeeze&#41;, these problems have been fixed\r\nin version 2.6.2-5+squeeze4.\r\n\r\nFor the testing distribution &#40;wheezy&#41; and the unstable distribution\r\n&#40;sid&#41;, these problems have been fixed in version 2.7.11-1.\r\n\r\nWe recommend that you upgrade your puppet packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niQEcBAEBAgAGBQJPS+FdAAoJEL97/wQC1SS+ZQQIAJSwK65I2Zu3vbszCf0Ba+AP\r\nhVHLLNdyA56clrDwvqhIf7jncAY9BrkykVkML2fu8K8Zn8hn96r4GyZ1MkzWMBqK\r\nSmf4tZTEr1fD0QGbXLmHCZGMosdZVg6RJtBwhfwG8QNBYjspBBzaQ0kixHMHxiam\r\nKkYSuFcc1oLfVhJe0ubIIy30mIinaEpLQ6Sxhe75Cm8aIq7gUG60LSlxI5auKBZu\r\nw4U52CRdfZPd8I0UIswudD9hEW8Chr7hfq9yBiANXhB8lHyFMpf9nrUNhiC7oAtK\r\ni3GWGrKm71paTrS9aMva4c73/Mz9zqMlI905Nt0OgGJqMxqXbxOkE9YrjgKaQ5g=\r\n=90wL\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-03-09T00:00:00", "published": "2012-03-09T00:00:00", "id": "SECURITYVULNS:DOC:27729", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27729", "title": "[SECURITY] [DSA 2419-1] puppet security update", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "description": "Privilege escalation conditions.", "modified": "2012-03-09T00:00:00", "published": "2012-03-09T00:00:00", "id": "SECURITYVULNS:VULN:12237", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12237", "title": "Puppet security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:14", "bulletinFamily": "unix", "description": "It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root). (CVE-2012-1053)\n\nIt was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files and escalate privileges. (CVE-2012-1054)", "modified": "2012-02-23T00:00:00", "published": "2012-02-23T00:00:00", "id": "USN-1372-1", "href": "https://usn.ubuntu.com/1372-1/", "title": "Puppet vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "description": "### Background\n\nPuppet is a system configuration management tool written in Ruby.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could gain elevated privileges, or access and modify arbitrary files. Furthermore, a remote attacker may be able to spoof a Puppet Master or write X.509 Certificate Signing Requests to arbitrary locations. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Puppet users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/puppet-2.7.11\"", "modified": "2012-03-06T00:00:00", "published": "2012-03-06T00:00:00", "id": "GLSA-201203-03", "href": "https://security.gentoo.org/glsa/201203-03", "type": "gentoo", "title": "Puppet: Multiple vulnerabilities", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}