USN-1223-1: Puppet vulnerabilities

30 September 2011

Puppet could be made to overwrite files and run programs with administrator privileges.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • puppet - Centralized configuration management

Details

It was discovered that Puppet unsafely opened files when the k5login type
is used to manage files. A local attacker could exploit this to overwrite
arbitrary files which could be used to escalate privileges. (CVE-2011-3869)

Ricky Zhou discovered that Puppet did not drop privileges when creating
SSH authorized_keys files. A local attacker could exploit this to overwrite
arbitrary files as root. (CVE-2011-3870)

It was discovered that Puppet used a predictable filename when using the
--edit resource. A local attacker could exploit this to edit arbitrary
files or run arbitrary code as the user invoking the program, typically
root. (CVE-2011-3871)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.