CVE-2010-0156
Published: 3 March 2010
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
Priority
Status
Package | Release | Status |
---|---|---|
puppet (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
puppet | hardy | Ignored (end of life) |
puppet | intrepid | Ignored (end of life, was needed) |
puppet | jaunty | Ignored (end of life) |
puppet | karmic | Released (0.24.8-2ubuntu4.1) |
puppet | lucid | Not vulnerable (0.25.4-2ubuntu3) |
puppet | maverick | Not vulnerable (0.25.4-2ubuntu3) |
puppet | natty | Not vulnerable (0.25.4-2ubuntu3) |
puppet | oneiric | Not vulnerable (0.25.4-2ubuntu3) |
puppet | upstream | Released (0.25.2) |

Patches:
- upstream: http://projects.reductivelabs.com/projects/puppet/repository/revisions/0aae57f91dc69b22fb674f8de3a13c22edd07128/diff
- upstream: http://projects.reductivelabs.com/projects/puppet/repository/revisions/0dee418554151289b13136c43f0d1d6484efbac7/diff
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
- http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
- http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
- https://ubuntu.com/security/notices/USN-917-1
- NVD
- Launchpad
- Debian