CVE-2012-1054

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
puppetpuppet
2.6.0
puppetpuppet
2.6.1
puppetpuppet
2.6.2
puppetpuppet
2.6.3
puppetpuppet
2.6.4
puppetpuppet
2.6.5
puppetpuppet
2.6.6
puppetpuppet
2.6.7
puppetpuppet
2.6.8
puppetpuppet
2.6.9
puppetpuppet
2.6.10
puppetpuppet
2.6.11
puppetpuppet
2.6.12
puppetpuppet
2.6.13
puppetpuppet
2.7.2
puppetpuppet
2.7.3
puppetpuppet
2.7.4
puppetpuppet
2.7.5
puppetpuppet
2.7.6
puppetpuppet
2.7.7
puppetpuppet
2.7.8
puppetpuppet
2.7.9
puppetpuppet
2.7.10
puppetlabspuppet
2.7.0
puppetlabspuppet
2.7.1
puppetpuppet_enterprise
1.2.0
puppetpuppet_enterprise
1.2.1
puppetpuppet_enterprise
1.2.2
puppetpuppet_enterprise
1.2.3
puppetpuppet_enterprise
1.2.4
puppetpuppet_enterprise
2.0.0
puppetpuppet_enterprise
2.0.1
puppetpuppet_enterprise
2.0.2
puppetlabspuppet_enterprise_users
1.0
puppetlabspuppet_enterprise_users
1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
puppet
oneiric
Fixed 2.7.1-1ubuntu3.5
released
natty
Fixed 2.6.4-2ubuntu2.8
released
maverick
Fixed 2.6.1-0ubuntu2.6
released
lucid
Fixed 0.25.4-2ubuntu6.6
released
hardy
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
http://projects.puppetlabs.com/issues/12460
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
http://puppetlabs.com/security/cve/cve-2012-1054/
http://secunia.com/advisories/48157
http://secunia.com/advisories/48161
http://secunia.com/advisories/48166
http://secunia.com/advisories/48290
http://ubuntu.com/usn/usn-1372-1
http://www.debian.org/security/2012/dsa-2419
http://www.osvdb.org/79496
http://www.securityfocus.com/bid/52158
https://exchange.xforce.ibmcloud.com/vulnerabilities/73446
https://hermes.opensuse.org/messages/15087408
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
http://projects.puppetlabs.com/issues/12460
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
http://puppetlabs.com/security/cve/cve-2012-1054/
http://secunia.com/advisories/48157
http://secunia.com/advisories/48161
http://secunia.com/advisories/48166
http://secunia.com/advisories/48290
http://ubuntu.com/usn/usn-1372-1
http://www.debian.org/security/2012/dsa-2419
http://www.osvdb.org/79496
http://www.securityfocus.com/bid/52158
https://exchange.xforce.ibmcloud.com/vulnerabilities/73446
https://hermes.opensuse.org/messages/15087408