PT-2011-1169 · Puppet · Puppet

Publicado

2011-10-27

Atualizado

2022-05-14

CVE-2011-3869

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Puppet versions 2.7.x through 2.7.4 Puppet versions 2.6.x through 2.6.10 Puppet versions 0.25.x

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the .k5login file, potentially leading to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally.

Recommendations For Puppet versions 2.7.x through 2.7.4, update to version 2.7.5 or later. For Puppet versions 2.6.x through 2.6.10, update to version 2.6.11 or later. For Puppet versions 0.25.x, update to a version later than 0.25.x, as no specific end version is provided in the input data.

Exploit

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-59

Identificadores relacionados

BDU:2015-09427

CVE-2011-3869

DSA-2314-1

GHSA-8C56-V25W-F89C

Produtos afetados

Puppet

PT-2011-1169 · Puppet · Puppet

CVE-2011-3869

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20