Computer Security
[EN] no-pyccku

puppet privilege escalation
SecurityVulns ID:10719
Threat Level:
Description:Elevated privileges are not dropped on files access, symbolic links vulnerability.
Affected:PUPPET : puppet 0.24
CVE:CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.)
 CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.)
Original documentdocumentUBUNTU, [USN-917-1] Puppet vulnerabilities (25.03.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod