CVE-2012-1989

Severity Score

3.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

telnet.rb en Puppet v2.7.x antes de v2.7.13 y Puppet Enterprise (PE) v1.2.x, v2.0.x, y v2.5.x antes de v2.5.1, permite a usuarios locales sobreescribir archivos de su elección a través de ataques de enlace simbólico en el registro de conexión NET::Telnet (/tmp/out.log).

*Credits: N/A

CVSS Scores

NISTv2 3.6

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-04-02 CVE Reserved
2012-04-11 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (11)

URL	Tag	Source
http://projects.puppetlabs.com/issues/13606	X_refsource_misc
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13	X_refsource_confirm
http://www.securityfocus.com/bid/52975	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/74797	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html	2019-07-11
http://puppetlabs.com/security/cve/cve-2012-1989	2019-07-11
http://secunia.com/advisories/48743	2019-07-11
http://secunia.com/advisories/48748	2019-07-11
http://secunia.com/advisories/49136	2019-07-11
http://ubuntu.com/usn/usn-1419-1	2019-07-11
https://hermes.opensuse.org/messages/15087408	2019-07-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.3 Search vendor "Puppet" for product "Puppet" and version "2.7.3"		-		Affected
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.4 Search vendor "Puppet" for product "Puppet" and version "2.7.4"		-		Affected
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.5 Search vendor "Puppet" for product "Puppet" and version "2.7.5"		-		Affected
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.6 Search vendor "Puppet" for product "Puppet" and version "2.7.6"		-		Affected
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.8 Search vendor "Puppet" for product "Puppet" and version "2.7.8"		-		Affected
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.9 Search vendor "Puppet" for product "Puppet" and version "2.7.9"		-		Affected
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.10 Search vendor "Puppet" for product "Puppet" and version "2.7.10"		-		Affected
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.11 Search vendor "Puppet" for product "Puppet" and version "2.7.11"		-		Affected
Puppet Search vendor "Puppet"		Puppet Search vendor "Puppet" for product "Puppet"				2.7.12 Search vendor "Puppet" for product "Puppet" and version "2.7.12"		-		Affected
Puppetlabs Search vendor "Puppetlabs"		Puppet Search vendor "Puppetlabs" for product "Puppet"				2.7.0 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.0"		-		Affected
Puppetlabs Search vendor "Puppetlabs"		Puppet Search vendor "Puppetlabs" for product "Puppet"				2.7.1 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.1"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				1.2.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.0"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				1.2.1 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.1"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				1.2.2 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.2"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				1.2.3 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.3"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				1.2.4 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.4"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				2.0.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.0.0"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				2.0.1 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.0.1"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				2.0.2 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.0.2"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				2.5.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.5.0"		-		Affected