Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2012-1053

Published: 29/05/2012 Updated: 11/07/2019
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Puppet

Vulnerability Summary

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

Vulnerable Product Search on Vulmon Subscribe to Product

puppet puppet 2.6.13

puppet puppet 2.6.5

puppet puppet 2.6.4

puppet puppet 2.6.10

puppet puppet 2.6.9

puppet puppet 2.6.8

puppet puppet 2.6.1

puppet puppet 2.6.0

puppet puppet 2.6.7

puppet puppet 2.6.6

puppet puppet 2.6.12

puppet puppet 2.6.11

puppet puppet 2.6.3

puppet puppet 2.6.2

puppet puppet 2.7.9

puppet puppet 2.7.8

puppet puppet 2.7.4

puppet puppet 2.7.3

puppet puppet 2.7.5

puppet puppet 2.7.2

puppet puppet 2.7.10

puppetlabs puppet 2.7.1

puppetlabs puppet 2.7.0

puppet puppet 2.7.7

puppet puppet 2.7.6

puppet puppet enterprise 1.2.3

puppet puppet enterprise 1.2.4

puppet puppet enterprise 1.2.0

puppet puppet enterprise 2.0.1

puppet puppet enterprise 1.2.1

puppet puppet enterprise 1.2.2

puppetlabs puppet enterprise users 1.0

puppetlabs puppet enterprise users 1.1

puppet puppet enterprise 2.0.0

puppet puppet enterprise 2.0.2

Vendor Advisories

Ubuntu Security Notice: puppet vulnerabilities
Puppet could be made to overwrite files and run programs with administrator privileges ...
Amazon Linux AMI: ALAS-2012-053
Puppet 26x before 2614 and 27x before 2711, and Puppet Enterprise (PE) Users 10, 11, 12x, 20x before 203, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on k5login The change_user method in the SUIDManager (lib/puppet/util/suidmanagerrb) in Puppet 26x b ...

References

CWE-264http://projects.puppetlabs.com/issues/12459http://www.securityfocus.com/bid/52158http://secunia.com/advisories/48166http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14http://secunia.com/advisories/48290http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.htmlhttp://secunia.com/advisories/48161http://projects.puppetlabs.com/issues/12457http://www.osvdb.org/79495http://projects.puppetlabs.com/issues/12458http://puppetlabs.com/security/cve/cve-2012-1053/http://www.debian.org/security/2012/dsa-2419http://secunia.com/advisories/48157http://ubuntu.com/usn/usn-1372-1https://hermes.opensuse.org/messages/15087408https://exchange.xforce.ibmcloud.com/vulnerabilities/73445https://usn.ubuntu.com/1372-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook