CVE-2011-3871

Publication date 1 October 2011

Last updated 24 July 2024

Ubuntu priority

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
puppet	11.04 natty	Fixed 2.6.4-2ubuntu2.3
	10.10 maverick	Fixed 2.6.1-0ubuntu2.2
	10.04 LTS lucid	Fixed 0.25.4-2ubuntu6.3
	8.04 LTS hardy	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1223-1
Puppet vulnerabilities
30 September 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-3871