Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-4956

Опубликовано: 15 авг. 2013
Источник: redhat
CVSS2: 3.7
EPSS Низкий

Описание

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5puppetNot affected
Red Hat Enterprise MRG 1puppetNot affected
Red Hat Subscription Asset ManagerpuppetNot affected
OpenStack 3 for RHEL 6facterFixedRHSA-2013:128324.09.2013
OpenStack 3 for RHEL 6hieraFixedRHSA-2013:128324.09.2013
OpenStack 3 for RHEL 6puppetFixedRHSA-2013:128324.09.2013
OpenStack 3 for RHEL 6ruby-augeasFixedRHSA-2013:128324.09.2013
OpenStack 3 for RHEL 6ruby-shadowFixedRHSA-2013:128324.09.2013
OpenStack 3 for RHEL 6ruby193-puppetFixedRHSA-2013:128424.09.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=996855Puppet: Local Privilege Escalation/Arbitrary Code Execution

EPSS

Процентиль: 29%
0.00108
Низкий

3.7 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-4956

ubuntu
больше 12 лет назад

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

nvd логотип

CVE-2013-4956

nvd
больше 12 лет назад

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

debian логотип

CVE-2013-4956

debian
больше 12 лет назад

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3. ...

github логотип

GHSA-3jgg-vqj7-2c3r

github
больше 3 лет назад

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

fstec логотип

BDU:2015-09724

fstec
больше 12 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 29%
0.00108
Низкий

3.7 Low

CVSS2