4.4

CVE-2012-1054

EPSS 0.07%
Published 29.05.2012 20:55:07
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Puppet ≫ Puppet Version2.6.0

Puppet ≫ Puppet Version2.6.1

Puppet ≫ Puppet Version2.6.2

Puppet ≫ Puppet Version2.6.3

Puppet ≫ Puppet Version2.6.4

Puppet ≫ Puppet Version2.6.5

Puppet ≫ Puppet Version2.6.6

Puppet ≫ Puppet Version2.6.7

Puppet ≫ Puppet Version2.6.8

Puppet ≫ Puppet Version2.6.9

Puppet ≫ Puppet Version2.6.10

Puppet ≫ Puppet Version2.6.11

Puppet ≫ Puppet Version2.6.12

Puppet ≫ Puppet Version2.6.13

Puppet ≫ Puppet Version2.7.2

Puppet ≫ Puppet Version2.7.3

Puppet ≫ Puppet Version2.7.4

Puppet ≫ Puppet Version2.7.5

Puppet ≫ Puppet Version2.7.6

Puppet ≫ Puppet Version2.7.7

Puppet ≫ Puppet Version2.7.8

Puppet ≫ Puppet Version2.7.9

Puppet ≫ Puppet Version2.7.10

Puppetlabs ≫ Puppet Version2.7.0

Puppetlabs ≫ Puppet Version2.7.1

Puppet ≫ Puppet Enterprise Version1.2.0

Puppet ≫ Puppet Enterprise Version1.2.1

Puppet ≫ Puppet Enterprise Version1.2.2

Puppet ≫ Puppet Enterprise Version1.2.3

Puppet ≫ Puppet Enterprise Version1.2.4

Puppet ≫ Puppet Enterprise Version2.0.0

Puppet ≫ Puppet Enterprise Version2.0.1

Puppet ≫ Puppet Enterprise Version2.0.2

Puppetlabs ≫ Puppet Enterprise Users Version1.0

Puppetlabs ≫ Puppet Enterprise Users Version1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.186

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14

http://secunia.com/advisories/48157

Vendor Advisory

http://secunia.com/advisories/48161

Vendor Advisory

http://secunia.com/advisories/48166

Vendor Advisory

http://secunia.com/advisories/48290

Vendor Advisory

http://ubuntu.com/usn/usn-1372-1

http://www.debian.org/security/2012/dsa-2419

http://www.securityfocus.com/bid/52158

https://hermes.opensuse.org/messages/15087408

http://projects.puppetlabs.com/issues/12460

Vendor Advisory

http://puppetlabs.com/security/cve/cve-2012-1054/

Vendor Advisory

http://www.osvdb.org/79496

https://exchange.xforce.ibmcloud.com/vulnerabilities/73446

https://nvd.nist.gov/vuln/detail/CVE-2012-1054

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1054

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1054

EUVD