Ubuntu Update For Puppet USN-1223-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1223-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. (CVE-2011-3869) Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. (CVE-2011-3870) It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. (CVE-2011-3871)

Affected

puppet on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2011-3869, CVE-2011-3870, CVE-2011-3871
CVSS Base Score: 6.3
AV:L/AC:M/Au:N/C:N/I:C/A:C

Related Vulnerabilities

Ubuntu Update for cups USN-1207-1
Ubuntu Update for clamav USN-1482-2
Ubuntu Update for avahi vulnerabilities USN-696-1
Ubuntu Update for bind9 vulnerability USN-491-1
Ubuntu Update for curl USN-2474-1

Ubuntu Update for puppet USN-1223-1

Take action and discover your vulnerabilities