CVE-2009-3564
Published: 6 October 2009
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
Notes
Author | Note |
---|---|
mdeslaur | reproducer in upstream bug; upstream has not fixed this in 0.24.x as of 2010-03-17 |
Priority
Status
Package | Release | Status |
---|---|---|
puppet | dapper | Does not exist |
puppet | hardy | Ignored (end of life) |
puppet | intrepid | Ignored (end of life, was needed) |
puppet | jaunty | Ignored (end of life) |
puppet | karmic | Released (0.24.8-2ubuntu4.1) |
puppet | lucid | Not vulnerable (0.25.4-2ubuntu3) |
puppet | maverick | Not vulnerable (0.25.4-2ubuntu3) |
puppet | natty | Not vulnerable (0.25.4-2ubuntu3) |
puppet | oneiric | Not vulnerable (0.25.4-2ubuntu3) |
puppet | upstream | Needs triage |

Patches: upstream: http://projects.reductivelabs.com/projects/puppet/repository/revisions/e32f980fd7c6291abc2841ede397c962798d9a9c/diff