Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1419-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. (CVE-2012-1906)
It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files.
(CVE-2012-1986)
It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. (CVE-2012-1987)
It was discovered that Puppet incorrectly handled filebucket requests. A local attacker could exploit this to execute arbitrary code via a crafted file path.
(CVE-2012-1988)
It was discovered that Puppet used a predictable filename for the Telnet connection log file. A local attacker could exploit this to overwrite arbitrary files. This issue only affected Ubuntu 11.10. (CVE-2012-1989)
Affected
puppet on Ubuntu 11.10 ,
Ubuntu 11.04 ,
Ubuntu 10.04 LTS
Severity
Classification
-
CVE CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989 -
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
Related Vulnerabilities