Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2012-3866
Last Modified 10 Oct 2014 12:55:47
Published 06 Aug 2012 12:55:06
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-3866

Summary

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

Vulnerable Systems

Application

  • Puppetlabs Puppet 2.5.1

  • Puppetlabs Puppet 2.7.0

  • Puppetlabs Puppet 2.7.1

  • Puppetlabs Puppet 2.7.10

  • Puppetlabs Puppet 2.7.11

  • Puppetlabs Puppet 2.7.12

  • Puppetlabs Puppet 2.7.13

  • Puppetlabs Puppet 2.7.14

  • Puppetlabs Puppet 2.7.16

  • Puppetlabs Puppet 2.7.17

  • Puppetlabs Puppet 2.7.2

  • Puppetlabs Puppet 2.7.3

  • Puppetlabs Puppet 2.7.4

  • Puppetlabs Puppet 2.7.5

  • Puppetlabs Puppet 2.7.6

  • Puppetlabs Puppet 2.7.8

  • Puppetlabs Puppet 2.7.9


References

CONFIRM - https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=839135

CONFIRM - http://puppetlabs.com/security/cve/cve-2012-3866/

UBUNTU - USN-1506-1

DEBIAN - DSA-2511

SECUNIA - 50014

SUSE - openSUSE-SU-2012:0891


Last Updated: 27 May 2016 10:53:34