CVE-2012-1054 in Ubuntu

CVE-2012-1054

Priority

Medium

Description

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise
(PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login
file with the k5login resource type, allows local users to gain privileges
via a symlink attack on .k5login.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054
http://puppetlabs.com/security/cve/cve-2012-1054/
https://usn.ubuntu.com/usn/usn-1372-1

Assigned-to

jdstrand

Package

Source: puppet (LP Ubuntu Debian)

Upstream:

released (2.6.14, 2.7.11-1)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-15 20:29:46 UTC (commit 13913)