Puppet 0.24.x prior to 0.24.9 and 0.25.x prior to 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppet 0.24.6 |
||
puppet puppet 0.25.0 |
||
puppet puppet 0.25.1 |
||
puppet puppet 0.24.5 |
||
puppet puppet 0.25.2 |
||
puppet puppet 0.24.7 |
||
puppet puppet 0.24.8 |
||
puppet puppet 0.24.4 |
||
puppet puppet 0.24.3 |