Feb 23, 2012 - 12:00 a.m.

CVE-2012-1053

ubuntu.com

CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 8.5%

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb)
in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet
Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly
manage group privileges, which allows local users to gain privileges via
vectors related to (1) change_user not dropping supplementary groups in
certain conditions, (2) changes to the eguid without associated changes to
the egid, or (3) the addition of the real gid to supplementary groups.

OS      Version  Architecture  Package  Version                Filename
ubuntu  10.04    noarch        puppet   < 0.25.4-2ubuntu6.6    UNKNOWN
ubuntu  10.10    noarch        puppet   < 2.6.1-0ubuntu2.6     UNKNOWN
ubuntu  11.04    noarch        puppet   < 2.6.4-2ubuntu2.8     UNKNOWN
ubuntu  11.10    noarch        puppet   < 2.7.1-1ubuntu3.5     UNKNOWN
