exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2012-1906

Status Candidate

Overview

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.

Related Files

Gentoo Linux Security Advisory 201208-02
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-2 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.13 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989
SHA-256 | 34e2e5b7d34db5d93643e67dcebb7c67afd870204a7c4b3718e99acee2ae0d8b
Debian Security Advisory 2451-1
Posted Apr 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988
SHA-256 | 35b59b4216bedd63d45392644a9587d40ba5845a85bf2717988463a587882a20
Ubuntu Security Notice USN-1419-1
Posted Apr 11, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, apple, osx, ubuntu
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989, CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989
SHA-256 | b321c92d30665135abf19544c4c759a8dc26d73f6d998793727b56e0115999ac
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    8 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close