Published: 07/01/2014 Updated: 24/01/2022

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Puppet prior to 3.3.3 and 3.4 prior to 3.4.1 and Puppet Enterprise (PE) prior to 2.8.4 and 3.1 prior to 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
puppetlabs puppet
puppet puppet enterprise
debian debian linux 6.0
debian debian linux 7.0
debian debian linux 8.0
canonical ubuntu linux 12.04
canonical ubuntu linux 13.04
canonical ubuntu linux 12.10
canonical ubuntu linux 13.10

Puppet could be made to overwrite files ...

An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management An attacker can exploit this vulnerability and overwrite an arbitrary file in the system For the oldstable distribution (squeeze), this problem has been fixed in version 262-5+squeeze9 For the stable distribution (wheezy), this problem ha ...

Puppet before 333 and 34 before 341 and Puppet Enterprise (PE) before 284 and 31 before 311 allows local users to overwrite arbitrary files via a symlink attack on unspecified files ...

CWE-59 http://puppetlabs.com/security/cve/cve-2013-4969 http://www.debian.org/security/2013/dsa-2831 http://secunia.com/advisories/56253 http://secunia.com/advisories/56254 http://www.ubuntu.com/usn/USN-2077-1 https://usn.ubuntu.com/2077-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-4969

CVE-2013-4969

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect