CVE-2011-3869

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:N/I:C/A:C

Exploitability : 3.4 / Impact : 9.2

References

Link	Resource
http://www.ubuntu.com/usn/USN-1223-1
http://www.ubuntu.com/usn/USN-1223-2
http://www.debian.org/security/2011/dsa-2314
http://secunia.com/advisories/46458	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html	Patch
https://puppet.com/security/cve/cve-2011-3869

Configurations

Configuration 1 (hide)

Configuration 2 (hide)

Information

Published : 2011-10-27 13:55

Updated : 2019-07-10 07:13

NVD link : CVE-2011-3869

Mitre link : CVE-2011-3869

JSON object : View

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Products Affected

puppetlabs

puppet