FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-3866

This CVE name corresponds to:

Entered     Topic
2012-07-10  puppet -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2012-3866
Phase  Assigned (20120706)

Description

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

References

Source   Reference
CONFIRM  http://puppetlabs.com/security/cve/cve-2012-3866/
CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=839135
CONFIRM  https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
DEBIAN   DSA-2511
SUSE     openSUSE-SU-2012:0891
UBUNTU   USN-1506-1
SECUNIA  50014