PT-2009-1104 · Puppet · Puppet

Till Maas · Published 2009-10-06 · Updated 2024-06-10 · CVE-2009-3564

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

puppet versions prior to 2.7.11
puppet version 0.24.6

Description

The issue concerns multiple vulnerabilities in the puppet package that can be exploited locally, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, in puppet 0.24.6, puppetmasterd does not reset supplementary groups when switching to a different user. This might allow local users to access restricted files.

Recommendations

For puppet versions prior to 2.7.11, update to version 2.7.11 or later to resolve the issue. For puppet version 0.24.6, consider restricting access to sensitive files and directories as a temporary workaround until a patch is available.
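
The supplementary-group reset that the description says is missing, shown as an added Ruby example (not Puppet's own code, and not part of the original entry). The function names, the `api`, `entitled` and `reset_groups` parameters and the `SecurityError` check are assumptions of this example; `reset_groups: false` models the behaviour described for 0.24.6 so the post-drop check can be seen to catch it.

```ruby
require 'etc'

# Group IDs the account is entitled to: its primary gid plus every
# group-database entry that lists it as a member.
def entitled_gids(pw)
  gids = [pw.gid]
  Etc.group { |g| gids << g.gid if g.mem.include?(pw.name) }
  gids.uniq.sort
end

# Supplementary groups still held that the target account should not have.
def leftover_groups(held, entitled)
  (held - entitled).uniq.sort
end

# Permanently switch from root to the account in `pw` (an Etc::Passwd-like
# struct with name, gid and uid). `api` defaults to Process and `entitled`
# to the group-database lookup; both are parameters only so the sequence can
# be exercised without root (assumption of this example).
def drop_privileges(pw, api: Process, entitled: entitled_gids(pw), reset_groups: true)
  # 1. Replace the supplementary groups inherited from root. Skipping this
  #    step is the flaw described above: the new uid keeps root's groups.
  api.initgroups(pw.name, pw.gid) if reset_groups
  # 2. Change gid while still root; after the uid change it would fail.
  api::GID.change_privilege(pw.gid)
  # 3. Change uid last.
  api::UID.change_privilege(pw.uid)
  # 4. Verify instead of assuming: refuse to continue with extra groups.
  extra = leftover_groups(api.groups, entitled)
  raise SecurityError, "still in groups #{extra.inspect}" unless extra.empty?
  true
end
```

A daemon started as root would call `drop_privileges(Etc.getpwnam('puppet'))` before opening any client-facing socket; the account name here is a placeholder.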

Exploit

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-09427
CVE-2009-3564

Affected Products

Puppet