CVE-2012-1989
Puppet 2.7.x < 2.7.13 & Puppet Enterprise 1.2.x, 2.0.x, 2.5.x - Arbitrary File Write via Symlink
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
References (11)
Issue Tracking (x_refsource_misc): http://projects.puppetlabs.com/issues/13606
Various Sources (vendor-advisory, x_refsource_ubuntu): http://ubuntu.com/usn/usn-1419-1
Vendor Advisory (x_refsource_confirm): http://puppetlabs.com/security/cve/cve-2012-1989/
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/48743
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
Third Party Advisory (x_refsource_confirm): http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/49136
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/52975
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/48748
Various Sources (vendor-advisory, x_refsource_suse): https://hermes.opensuse.org/messages/15087408
Scores
EPSS: 0.0006
EPSS Percentile: 18.2%
Details
CWE: CWE-264
Status: published
Products (21)
puppet/puppet 2.7.3
puppet/puppet 2.7.4
puppet/puppet 2.7.5
puppet/puppet 2.7.6
puppet/puppet 2.7.8
puppet/puppet 2.7.9
puppet/puppet 2.7.10
puppet/puppet 2.7.11
puppet/puppet 2.7.12
puppet/puppet_enterprise 1.2.0
... and 11 more
Published: Jun 27, 2012
Tracked Since: Feb 18, 2026