CVE-2010-0156

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
Link Following
Severity
UNKNOWN
AV:L/AC:M/Au:N/C:N/I:P/A:P
Atk. Vector
LOCAL
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
puppetpuppet
0.24.3
puppetpuppet
0.24.4
puppetpuppet
0.24.5
puppetpuppet
0.24.6
puppetpuppet
0.24.6
puppetpuppet
0.24.6
puppetpuppet
0.24.7
puppetpuppet
0.24.7
puppetpuppet
0.24.8
puppetpuppet
0.24.8
puppetpuppet
0.25.0
puppetpuppet
0.25.0
puppetpuppet
0.25.0
puppetpuppet
0.25.0
puppetpuppet
0.25.1
puppetpuppet
0.25.1
puppetpuppet
0.25.1
puppetpuppet
0.25.2
puppetpuppet
0.25.2
puppetpuppet
0.25.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
lenny
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
puppet
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
Fixed 0.24.8-2ubuntu4.1
released
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
dne