Ubuntu Update For Puppet USN-1223-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1223-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. (CVE-2011-3869) Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. (CVE-2011-3870) It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. (CVE-2011-3871)

Affected

puppet on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2011-3869, CVE-2011-3870, CVE-2011-3871

CVSS	Base Score: 6.3 AV:L/AC:M/Au:N/C:N/I:C/A:C

Related Vulnerabilities

Ubuntu Update for bzip2 USN-1308-1
Ubuntu Update for apr-util vulnerability USN-1022-1
Ubuntu Update for apache2 vulnerabilities USN-575-1
Ubuntu Update for clamav USN-1179-1
Ubuntu Update for dovecot vulnerabilities USN-1059-1

Ubuntu Update for puppet USN-1223-1

Take action and discover your vulnerabilities