Описание
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.7.11-1 |
| hardy | ignored | end of life |
| lucid | released | 0.25.4-2ubuntu6.6 |
| maverick | released | 2.6.1-0ubuntu2.6 |
| natty | released | 2.6.4-2ubuntu2.8 |
| oneiric | released | 2.7.1-1ubuntu3.5 |
| upstream | released | 2.6.14, 2.7.11-1 |
Показывать по
4.4 Medium
CVSS2
Связанные уязвимости
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterpr ...
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
4.4 Medium
CVSS2