CVE-2012-1054

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*

Information

Published : 2012-05-29 13:55

Updated : 2019-07-11 08:09


NVD link : CVE-2012-1054

Mitre link : CVE-2012-1054


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

puppet

  • puppet_enterprise
  • puppet

puppetlabs

  • puppet
  • puppet_enterprise_users