3.3

CVE-2012-1906

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PuppetPuppet Version2.6.0
PuppetPuppet Version2.6.1
PuppetPuppet Version2.6.2
PuppetPuppet Version2.6.3
PuppetPuppet Version2.6.4
PuppetPuppet Version2.6.5
PuppetPuppet Version2.6.6
PuppetPuppet Version2.6.7
PuppetPuppet Version2.6.8
PuppetPuppet Version2.6.9
PuppetPuppet Version2.6.10
PuppetPuppet Version2.6.11
PuppetPuppet Version2.6.12
PuppetPuppet Version2.6.13
PuppetPuppet Version2.6.14
PuppetPuppet Version2.7.2
PuppetPuppet Version2.7.3
PuppetPuppet Version2.7.4
PuppetPuppet Version2.7.5
PuppetPuppet Version2.7.6
PuppetPuppet Version2.7.7
PuppetPuppet Version2.7.8
PuppetPuppet Version2.7.9
PuppetPuppet Version2.7.10
PuppetPuppet Version2.7.11
PuppetPuppet Enterprise Version2.5.0
PuppetlabsPuppet Version2.7.0
PuppetlabsPuppet Version2.7.1
PuppetPuppet Enterprise Version1.2.0
PuppetPuppet Enterprise Version1.2.1
PuppetPuppet Enterprise Version1.2.2
PuppetPuppet Enterprise Version1.2.3
PuppetPuppet Enterprise Version1.2.4
PuppetPuppet Enterprise Version2.0.0
PuppetPuppet Enterprise Version2.0.1
PuppetPuppet Enterprise Version2.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.267
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 3.4 4.9
AV:L/AC:M/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://projects.puppetlabs.com/issues/13260
Vendor Advisory
http://puppetlabs.com/security/cve/cve-2012-1906/
Vendor Advisory
http://secunia.com/advisories/48743
Vendor Advisory
http://secunia.com/advisories/48748
Vendor Advisory
http://secunia.com/advisories/48789
Vendor Advisory
http://ubuntu.com/usn/usn-1419-1
http://www.debian.org/security/2012/dsa-2451
http://www.securityfocus.com/bid/52975
https://exchange.xforce.ibmcloud.com/vulnerabilities/74793