
CVSS: 3.3 • EPSS: 0% • CPEs: 20 • EXPL: 0

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.

• http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
• http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
• http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
• http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
• http://secunia.com/advisories/38766
• https://bugzilla.redhat.com/show_bug.cgi?id=502881
• https://puppet.com

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 4.7 • EPSS: 0% • CPEs: 2 • EXPL: 1

puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.

• http://projects.reductivelabs.com/issues/1806
• https://bugzilla.redhat.com/show_bug.cgi?id=475201
• https://puppet.com/security/cve/cve-2009-3564

CWE-264: Permissions, Privileges, and Access Controls