Lucene search
Ubuntu.comUB:CVE-2009-3564HistoryOct 06, 2009 - 12:00 a.m.
CVE-2009-3564
2009-10-0600:00:00
ubuntu.com
ubuntu.com
7
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it
switches to a different user, which might allow local users to access
restricted files.
Bugs
- <http://projects.reductivelabs.com/issues/1806>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551073>
- <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3564>
Notes
| Author | Note |
|---|---|
| mdeslaur | reproducer in upstream bug upstream has not fixed this in 0.24.x as of 2010-03-17 |
Related
prion
prion
Design/Logic Flaw
2009-10-06 17:30:00
debiancve
debiancve
CVE-2009-3564
2009-10-06 17:30:00
cve
cve
CVE-2009-3564
2009-10-06 17:30:00
securityvulns
securityvulns
puppet privilege escalation
2010-03-25 00:00:00
[USN-917-1] Puppet vulnerabilities
2010-03-25 00:00:00
openvas
openvas
Ubuntu Update for puppet vulnerabilities USN-917-1
2010-03-31 00:00:00
Ubuntu: Security Advisory (USN-917-1)
2010-03-31 00:00:00
Gentoo Security Advisory GLSA 201203-03 (puppet)
2012-03-12 00:00:00
nessus
nessus
Ubuntu 9.10 : puppet vulnerabilities (USN-917-1)
2010-03-25 00:00:00
GLSA-201203-03 : Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
ubuntu
ubuntu
Puppet vulnerabilities
2010-03-24 00:00:00
gentoo
gentoo
Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
Related for UB:CVE-2009-3564