CVE-2012-1989 - Vulnerability Details

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Puppet	Puppet Puppet Enterprise
Puppetlabs	Puppet

Configuration 1 [-]

OR	cpe:2.3:a:puppet:puppet:2.7.3:::::::*
	cpe:2.3:a:puppet:puppet:2.7.4:::::::*
	cpe:2.3:a:puppet:puppet:2.7.5:::::::*
	cpe:2.3:a:puppet:puppet:2.7.6:::::::*
	cpe:2.3:a:puppet:puppet:2.7.8:::::::*
	cpe:2.3:a:puppet:puppet:2.7.9:::::::*
	cpe:2.3:a:puppet:puppet:2.7.10:::::::*
	cpe:2.3:a:puppet:puppet:2.7.11:::::::*
	cpe:2.3:a:puppet:puppet:2.7.12:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.0:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:puppet:puppet_enterprise:1.2.0:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.1:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.2:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.3:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.4:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.0.0:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.0.1:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.0.2:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.5.0:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
http://projects.puppetlabs.com/issues/13606
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
http://puppetlabs.com/security/cve/cve-2012-1989/
http://secunia.com/advisories/48743
http://secunia.com/advisories/48748
http://secunia.com/advisories/49136
http://ubuntu.com/usn/usn-1419-1
http://www.securityfocus.com/bid/52975
https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
https://hermes.opensuse.org/messages/15087408
https://nvd.nist.gov/vuln/detail/CVE-2012-1989
https://www.cve.org/CVERecord?id=CVE-2012-1989

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-06-27T18:00:00

Updated: 2024-08-06T19:17:27.600Z

Reserved: 2012-04-02T00:00:00

Link: CVE-2012-1989

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-06-27T18:55:01.430

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-1989

Redhat

Severity : Low

Publid Date: 2012-04-11T00:00:00Z

Links: CVE-2012-1989 - Bugzilla

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object