USN-1223-1: Puppet vulnerabilities
30 September 2011
Puppet could be made to overwrite files and run programs with administrator privileges.
- puppet - Centralized configuration management
It was discovered that Puppet unsafely opened files when the k5login type
is used to manage files. A local attacker could exploit this to overwrite
arbitrary files which could be used to escalate privileges. (CVE-2011-3869)
Ricky Zhou discovered that Puppet did not drop privileges when creating
SSH authorized_keys files. A local attacker could exploit this to overwrite
arbitrary files as root. (CVE-2011-3870)
It was discovered that Puppet used a predictable filename when using the
--edit resource. A local attacker could exploit this to edit arbitrary
files or run arbitrary code as the user invoking the program, typically
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.