ID USN-2077-1 Type ubuntu Reporter Ubuntu Modified 2014-01-06T00:00:00
Description
It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.
{"result": {"cve": [{"id": "CVE-2013-4969", "type": "cve", "title": "CVE-2013-4969", "description": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.", "published": "2014-01-07T13:55:06", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4969", "cvelist": ["CVE-2013-4969"], "lastseen": "2016-09-03T18:54:11"}], "openvas": [{"id": "OPENVAS:1361412562310120009", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2014-288", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120009", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-07-28T10:48:48"}, {"id": "OPENVAS:702831", "type": "openvas", "title": "Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)", "description": "An unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.", "published": "2013-12-31T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702831", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-07-24T12:51:55"}, {"id": "OPENVAS:841684", "type": "openvas", "title": "Ubuntu Update for puppet USN-2077-1", "description": "Check for the Version of puppet", "published": "2014-01-10T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841684", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-12-04T11:16:22"}, {"id": "OPENVAS:1361412562310841684", "type": "openvas", "title": "Ubuntu Update for puppet USN-2077-1", "description": "Check for the Version of puppet", "published": "2014-01-10T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841684", "cvelist": ["CVE-2013-4969"], "lastseen": "2018-04-30T13:47:18"}, {"id": "OPENVAS:1361412562310702831", "type": "openvas", "title": "Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)", "description": "An unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.", "published": "2013-12-31T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702831", "cvelist": ["CVE-2013-4969"], "lastseen": "2018-04-06T11:23:05"}, {"id": "OPENVAS:1361412562310867255", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2014-0850", "description": "Check for the Version of puppet", "published": "2014-01-27T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867255", "cvelist": ["CVE-2013-4761", "CVE-2013-4956", "CVE-2013-4969"], "lastseen": "2018-04-09T11:12:31"}, {"id": "OPENVAS:867255", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2014-0850", "description": "Check for the Version of puppet", "published": "2014-01-27T00:00:00", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867255", "cvelist": ["CVE-2013-4761", "CVE-2013-4956", "CVE-2013-4969"], "lastseen": "2017-07-25T10:48:37"}], "nessus": [{"id": "FEDORA_2014-0825.NASL", "type": "nessus", "title": "Fedora 20 : puppet-3.4.2-1.fc20 (2014-0825)", "description": "Update to 3.4.2 to mitigate CVE-2013-4969\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-01-24T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72112", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-10-29T13:44:04"}, {"id": "MANDRIVA_MDVSA-2014-040.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : puppet (MDVSA-2014:040)", "description": "A vulnerability has been discovered and corrected in puppet :\n\nPuppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files (CVE-2013-4969).\n\nThe updated packages have been upgraded to the 2.7.25 version which is not vulnerable to this issue.", "published": "2014-02-19T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72564", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-10-29T13:46:00"}, {"id": "UBUNTU_USN-2077-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : puppet vulnerability (USN-2077-1)", "description": "It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-01-07T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71837", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-10-29T13:36:29"}, {"id": "FEDORA_2014-0850.NASL", "type": "nessus", "title": "Fedora 19 : puppet-3.4.2-1.fc19 (2014-0850)", "description": "Update to 3.4.2 to mitigate CVE-2013-4969\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-01-24T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72113", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-10-29T13:37:41"}, {"id": "PUPPET_CVE_2013-4969.NASL", "type": "nessus", "title": "Puppet Symlink File Overwrite", "description": "According to its self-reported version number, the Puppet install on the remote host is potentially affected by an error related to temporary files and their use. A local attacker could potentially use a symlink attack to overwrite arbitrary files.", "published": "2014-01-27T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72151", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-10-29T13:37:24"}, {"id": "ALA_ALAS-2014-288.NASL", "type": "nessus", "title": "Amazon Linux AMI : puppet (ALAS-2014-288)", "description": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.", "published": "2014-02-05T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72306", "cvelist": ["CVE-2013-4969"], "lastseen": "2018-04-19T07:34:27"}, {"id": "DEBIAN_DSA-2831.NASL", "type": "nessus", "title": "Debian DSA-2831-1 : puppet - insecure temporary files", "description": "An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.", "published": "2014-01-02T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71779", "cvelist": ["CVE-2013-4969"], "lastseen": "2018-07-10T06:22:01"}, {"id": "SUSE_11_PUPPET-140630.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : puppet (SAT Patch Number 9472)", "description": "Puppet was updated to fix the following security issues :\n\n - Unsafe use of temporary files. (CVE-2013-4969)\n\n - Arbitrary code execution with required social engineering. (CVE-2014-3248 / CVE-2014-3250)", "published": "2014-07-09T00:00:00", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76424", "cvelist": ["CVE-2013-4969", "CVE-2014-3250", "CVE-2014-3248"], "lastseen": "2017-10-29T13:45:06"}, {"id": "PUPPET_ENTERPRISE_311.NASL", "type": "nessus", "title": "Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities", "description": "According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities :\n\n - An input validation error exists related to the included Ruby version, handling string to floating point conversions that could allow denial of service attacks or arbitrary code execution. (CVE-2013-4164)\n\n - An error exists related to the included RubyGems version and 'gem build', 'Gem::Package', and 'Gem::PackageTask' API calls that could allow denial of service attacks. (CVE-2013-4363)\n\n - An error exists in the 'i18n' gem for Ruby that could allow cross-site scripting attacks. (CVE-2013-4491)\n\n - An error exists related to handling temporary files that could allow a local attacker to overwrite files by using a symlink attack. (CVE-2013-4969)\n\n - An error exists related to the included Ruby on Rails, 'Action View', and handling certain headers that could allow denial of service attacks. (CVE-2013-6414)\n\n - An input validation error exists related to the included Ruby on Rails and the 'unit' parameter in the 'number_to_currency' helper that could allow cross-site scripting attacks. (CVE-2013-6415)\n\n - An input validation error exists related to the included Ruby on Rails, JSON parameter parsing and SQL queries that could allow SQL injection attacks.\n (CVE-2013-6417)", "published": "2014-03-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73132", "cvelist": ["CVE-2013-4491", "CVE-2013-4363", "CVE-2013-6417", "CVE-2013-4969", "CVE-2013-6415", "CVE-2013-6414", "CVE-2013-4164"], "lastseen": "2017-10-29T13:43:59"}], "seebug": [{"id": "SSV:61236", "type": "seebug", "title": "Puppet/Puppet Enterprise\u4e0d\u5b89\u5168\u4e34\u65f6\u6587\u4ef6\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u6f0f\u6d1e", "description": "CVE ID:CVE-2013-4969\r\n\r\npuppet\u662f\u4e00\u6b3eLinux\u3001Unix\u3001windows\u5e73\u53f0\u7684\u96c6\u4e2d\u914d\u7f6e\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nPuppet\u548cPuppet Enterprise\u4f7f\u7528\u4e0d\u5b89\u5168\u7684\u4e34\u65f6\u6587\u4ef6\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u4f7f\u7528\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u8986\u76d6\u7cfb\u7edf\u4efb\u610f\u6587\u4ef6\u3002\n0\nPuppet 3.3.2\r\nPuppet 3.4.0\r\nPuppet 2.8.3\r\nPuppet 3.1.0\npuppet 2.8.4\u548c3.1.1\uff0c puppet 3.3.3\u548c3.4.1\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\n\r\nhttp://puppetlabs.com/", "published": "2013-12-30T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-61236", "cvelist": ["CVE-2013-4969"], "lastseen": "2017-11-19T17:37:21"}], "amazon": [{"id": "ALAS-2014-288", "type": "amazon", "title": "Low: puppet", "description": "**Issue Overview:**\n\nPuppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.\n\n \n**Affected Packages:** \n\n\npuppet\n\n \n**Issue Correction:** \nRun _yum update puppet_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n puppet-2.7.25-1.2.amzn1.i686 \n puppet-server-2.7.25-1.2.amzn1.i686 \n puppet-debuginfo-2.7.25-1.2.amzn1.i686 \n \n src: \n puppet-2.7.25-1.2.amzn1.src \n \n x86_64: \n puppet-debuginfo-2.7.25-1.2.amzn1.x86_64 \n puppet-2.7.25-1.2.amzn1.x86_64 \n puppet-server-2.7.25-1.2.amzn1.x86_64 \n \n \n", "published": "2014-02-03T15:28:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://alas.aws.amazon.com/ALAS-2014-288.html", "cvelist": ["CVE-2013-4969"], "lastseen": "2016-09-28T21:04:03"}], "debian": [{"id": "DSA-2831", "type": "debian", "title": "puppet -- insecure temporary files", "description": "An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze9.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 2.7.23-1~deb7u2.\n\nFor the testing distribution (jessie), this problem has been fixed in version 3.4.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in version 3.4.1-1.\n\nWe recommend that you upgrade your puppet packages.", "published": "2013-12-31T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://www.debian.org/security/dsa-2831", "cvelist": ["CVE-2013-4969"], "lastseen": "2016-09-02T18:36:22"}]}}
