Computer Security
[EN] securityvulns.ru
no-pyccku

  

puppet privilege escalation
Published:25.03.2010
Source:
SecurityVulns ID:10719
Type:local
Threat Level:
5/10
Description:Elevated privileges are not dropped on files access, symbolic links vulnerability.
Affected:PUPPET : puppet 0.24
CVE:CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.)
 CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.)
Original documentdocumentUBUNTU, [USN-917-1] Puppet vulnerabilities (25.03.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru