CVE-2012-1053

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://projects.puppetlabs.com/issues/12459
http://www.securityfocus.com/bid/52158
http://secunia.com/advisories/48166	Vendor Advisory
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
http://secunia.com/advisories/48290	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
http://secunia.com/advisories/48161	Vendor Advisory
http://projects.puppetlabs.com/issues/12457
http://www.osvdb.org/79495
http://projects.puppetlabs.com/issues/12458
http://puppetlabs.com/security/cve/cve-2012-1053/	Vendor Advisory
http://www.debian.org/security/2012/dsa-2419
http://secunia.com/advisories/48157
http://ubuntu.com/usn/usn-1372-1
https://hermes.opensuse.org/messages/15087408
https://exchange.xforce.ibmcloud.com/vulnerabilities/73445

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:puppet:puppet:2.6.13:::::::*
	cpe:2.3:a:puppet:puppet:2.6.5:::::::*
	cpe:2.3:a:puppet:puppet:2.6.4:::::::*
	cpe:2.3:a:puppet:puppet:2.6.10:::::::*
	cpe:2.3:a:puppet:puppet:2.6.9:::::::*
	cpe:2.3:a:puppet:puppet:2.6.8:::::::*
	cpe:2.3:a:puppet:puppet:2.6.1:::::::*
	cpe:2.3:a:puppet:puppet:2.6.0:::::::*
	cpe:2.3:a:puppet:puppet:2.6.7:::::::*
	cpe:2.3:a:puppet:puppet:2.6.6:::::::*
	cpe:2.3:a:puppet:puppet:2.6.12:::::::*
	cpe:2.3:a:puppet:puppet:2.6.2:::::::*
	cpe:2.3:a:puppet:puppet:2.6.3:::::::*
	cpe:2.3:a:puppet:puppet:2.6.11:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:puppet:puppet:2.7.9:::::::*
	cpe:2.3:a:puppet:puppet:2.7.8:::::::*
	cpe:2.3:a:puppet:puppet:2.7.4:::::::*
	cpe:2.3:a:puppet:puppet:2.7.3:::::::*
	cpe:2.3:a:puppet:puppet:2.7.5:::::::*
	cpe:2.3:a:puppet:puppet:2.7.2:::::::*
	cpe:2.3:a:puppet:puppet:2.7.10:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.1:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.0:::::::*
	cpe:2.3:a:puppet:puppet:2.7.7:::::::*
	cpe:2.3:a:puppet:puppet:2.7.6:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:puppet:puppet_enterprise:1.2.3:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.4:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.0:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.0.1:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.1:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.2:::::::*
	cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:::::::*
	cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.0.0:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.0.2:::::::*

Information

Published : 2012-05-29 13:55

Updated : 2019-07-11 08:09

NVD link : CVE-2012-1053

Mitre link : CVE-2012-1053

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

puppet

puppet_enterprise
puppet

puppetlabs

puppet
puppet_enterprise_users

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://projects.puppetlabs.com/issues/12459", "name": "http://projects.puppetlabs.com/issues/12459", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/52158", "name": "52158", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/48166", "name": "48166", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14", "name": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/48290", "name": "48290", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html", "name": "SUSE-SU-2012:0325", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/48161", "name": "48161", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://projects.puppetlabs.com/issues/12457", "name": "http://projects.puppetlabs.com/issues/12457", "tags": [], "refsource": "MISC"}, {"url": "http://www.osvdb.org/79495", "name": "79495", "tags": [], "refsource": "OSVDB"}, {"url": "http://projects.puppetlabs.com/issues/12458", "name": "http://projects.puppetlabs.com/issues/12458", "tags": [], "refsource": "MISC"}, {"url": "http://puppetlabs.com/security/cve/cve-2012-1053/", "name": "http://puppetlabs.com/security/cve/cve-2012-1053/", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2012/dsa-2419", "name": "DSA-2419", "tags": [], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/48157", "name": "48157", "tags": [], "refsource": "SECUNIA"}, {"url": "http://ubuntu.com/usn/usn-1372-1", "name": "USN-1372-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://hermes.opensuse.org/messages/15087408", "name": "openSUSE-SU-2012:0835", "tags": [], "refsource": "SUSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73445", "name": "puppet-forked-priv-escalation(73445)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1053", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-05-29T20:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-07-11T15:09Z"}

6.9 /10