CVE-2011-3871

Published: 27/10/2011 Updated: 10/07/2019
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 552
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

Vulnerable Product

puppet puppet 2.7.2

puppetlabs puppet 2.7.1

puppet puppet 2.6.4

puppet puppet 2.6.3

puppet puppet 2.6.10

puppet puppet 2.6.0

puppet puppet 2.6.6

puppet puppet 2.6.5

puppetlabs puppet 2.7.0

puppet puppet 2.7.4

puppet puppet 2.6.2

puppet puppet 2.6.1

puppet puppet 2.7.3

puppet puppet 2.6.9

puppet puppet 2.6.8

puppet puppet 2.6.7

puppet puppet 0.25.4

puppet puppet 0.25.5

puppet puppet 0.25.3

puppet puppet 0.25.2

puppet puppet 0.25.1

puppet puppet 0.25.0

puppet puppet 0.25.6

Vendor Advisories

Puppet could be made to overwrite files and run programs with administrator privileges ...
USN-1223-1 caused a regression with managing SSH authorized_keys files ...
Multiple security issues have been discovered in Puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3848: Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X509 Certificate Signing Request at ...
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a sy ...