CVE-2011-3870

Name of the Vulnerable Software and Affected Versions Puppet versions 2.7.x through 2.7.4 Puppet versions 2.6.x through 2.6.10 Puppet versions 0.25.x

Description The issue allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized keys file. Multiple vulnerabilities in the Puppet package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited locally.

Recommendations For Puppet versions 2.7.x through 2.7.4, update to version 2.7.5 or later. For Puppet versions 2.6.x through 2.6.10, update to version 2.6.11 or later. For Puppet versions 0.25.x, update to a version later than 0.25.x, as no specific end version is provided in the input data.