Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-4969

Опубликовано: 26 дек. 2013
Источник: redhat
CVSS2: 2.1

Описание

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

Отчет

Red Hat Product Security has rated this issue as having Low security impact in Subscription Asset Manager 1. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat Product Security has rated this issue as having Low security impact in Red Hat OpenStack Platform 4.0. This issue is not currently planned to be addressed in future updates.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5puppetNot affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)puppetNot affected
Red Hat Enterprise MRG 1puppetWill not fix
Red Hat OpenStack Platform 3puppetWill not fix
Red Hat OpenStack Platform 3ruby193-puppetWill not fix
Red Hat OpenStack Platform 4puppetAffected
Red Hat Satellite 6ruby193-puppetAffected
Red Hat Subscription Asset ManagerpuppetWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-377
https://bugzilla.redhat.com/show_bug.cgi?id=1045212Puppet: Unsafe use of Temp files in File type

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-4969

ubuntu
около 12 лет назад

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

nvd логотип

CVE-2013-4969

nvd
около 12 лет назад

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

debian логотип

CVE-2013-4969

debian
около 12 лет назад

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) be ...

github логотип

GHSA-73jw-pjcv-9rgm

github
больше 3 лет назад

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

suse-cvrf логотип

SUSE-RU-2015:0696-1

suse-cvrf
больше 11 лет назад

Security update for puppet

2.1 Low

CVSS2