1. Home
  2. CVE Database
  3. CVE-2012-1054
MEDIUM · 4.4

CVE-2012-1054

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local u...

Vulnerability Description

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.

CVSS Score

4.4

MEDIUM

AV:L/AC:M/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
PuppetPuppet2.6.0
PuppetlabsPuppet2.7.0
PuppetPuppet Enterprise1.2.0
PuppetlabsPuppet Enterprise Users1.0

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2012-1054?

CVE-2012-1054 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local u...

How severe is CVE-2012-1054?

CVE-2012-1054 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1054?

Check the references section above for vendor advisories and patch information. Affected products include: Puppet Puppet, Puppetlabs Puppet, Puppet Puppet Enterprise, Puppetlabs Puppet Enterprise Users.