Download
| Alert*
oval:org.secpod.oval:def:1601258
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.The change_user method in the SUIDManager in P ... oval:org.secpod.oval:def:700779 puppet: Centralized configuration management Puppet could be made to overwrite files and run programs with administrator privileges. oval:org.secpod.oval:def:5916 The host is installed with Puppet 2.6.x before 2.6.14 or 2.7.x before 2.7.11 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle k5login type. Successful exploitation allows attackers to gain privileges via a symlink attack on .k5l ... oval:org.secpod.oval:def:6021 The host is installed with Puppet 2.6.x before 2.6.14 or 2.7.x before 2.7.11 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle k5login type. Successful exploitation allows attackers to gain privileges via a symlink attack on .k5l ... oval:org.secpod.oval:def:103557 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:103553 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:600742 Two vulnerabilities were discovered in Puppet, a centralized configuration management tool. CVE-2012-1053 Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation. CVE-2012-1054 The k5login type writes to untrusted locations, enabling local users to escalate ... oval:org.secpod.oval:def:103566 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:103708 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:103698 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:104014 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... |