Local Privilege Escalation Affecting puppet package, versions <2.6.11 >=2.7.0, <2.7.5
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-PUPPET-20303
- published 28 Feb 2017
- disclosed 29 Sep 2011
- credit Puppet Labs
Introduced: 29 Sep 2011
CVE-2011-3869 Open this link in a new tabHow to fix?
Upgrade puppet to version 2.6.11, 2.7.5 or higher.
Overview
puppet is an automated configuration management tool.
Affected versions of the package are vulnerable to Symlink Attack via a user's .k5login file. The k5login type is typically used to manage a file in the home directory of a user. The purpose of this file is to allow access to other users.
The .k5login file previously wrote to the target file directly, as root, without doing anything to secure the file. If the .k5login file was replaced with a symlink, this would allow the owner of the home directory to replace any file on the system, including the .k5login file of a more privileged user, with the “correct” content of their own file.