CVE-2012-1989

Publication date 11 April 2012

Last updated 24 July 2024


Ubuntu priority

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

Read the notes from the security team

Status

Package Ubuntu Release Status
puppet 11.10 oneiric
Fixed 2.7.1-1ubuntu3.6
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
8.04 LTS hardy Ignored end of life

Notes


tyhicks

Yama should mitigate this Only affects 2.7.x

References

Related Ubuntu Security Notices (USN)

Other references