CVE-2010-0156
Published: 3 March 2010
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
Priority
Status
Package | Release | Status |
---|---|---|
puppet Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Released
(0.24.8-2ubuntu4.1)
|
|
lucid |
Not vulnerable
(0.25.4-2ubuntu3)
|
|
maverick |
Not vulnerable
(0.25.4-2ubuntu3)
|
|
natty |
Not vulnerable
(0.25.4-2ubuntu3)
|
|
oneiric |
Not vulnerable
(0.25.4-2ubuntu3)
|
|
upstream |
Released
(0.25.2)
|
|
Patches: upstream: http://projects.reductivelabs.com/projects/puppet/repository/revisions/0aae57f91dc69b22fb674f8de3a13c22edd07128/diff upstream: http://projects.reductivelabs.com/projects/puppet/repository/revisions/0dee418554151289b13136c43f0d1d6484efbac7/diff |