CVE-2009-3564
Published: 6 October 2009
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
Notes
| Author | Note |
|---|---|
| mdeslaur | reproducer in upstream bug upstream has not fixed this in 0.24.x as of 2010-03-17 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
puppet Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Ignored
(end of life, was needed)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Released
(0.24.8-2ubuntu4.1)
|
|
| lucid |
Not vulnerable
(0.25.4-2ubuntu3)
|
|
| maverick |
Not vulnerable
(0.25.4-2ubuntu3)
|
|
| natty |
Not vulnerable
(0.25.4-2ubuntu3)
|
|
| oneiric |
Not vulnerable
(0.25.4-2ubuntu3)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://projects.reductivelabs.com/projects/puppet/repository/revisions/e32f980fd7c6291abc2841ede397c962798d9a9c/diff |
||