Homepage
About Snyk

Local Privilege Escalation via Symlink Attack Affecting puppet package, versions <2.6.15 >=2.7.0, <2.7.12

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RUBY-PUPPET-20309
  • published 28 Feb 2017
  • disclosed 23 Mar 2012
  • credit Puppet Labs
Report a new vulnerability Found a mistake?

Introduced: 23 Mar 2012

CVE-2012-1054 Open this link in a new tab
CWE-61 Open this link in a new tab

How to fix?

Upgrade puppet to version 2.6.14, 2.7.11 or higher.

Overview

puppet is an automated configuration management tool. Affected versions of the package are vulnerable to Local User Privilege Escalation .k5login file. The k5login type is typically used to manage a file in the home directory of a user. The purpose of this file is to allow access to other users.

If a user's .k5login file was replaced with a symlink, Puppet will overwrite the link's target when managing that user's login file with the k5login resource type. This allows local privilege escalation by linking a user's .k5login file to root's .k5login file.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
5.3 medium
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    Low
  • Availability (A)
    Low
Expand this section

NVD

5.3 medium