Debian Puppet vulnerabilities

CVE-2012-5158 [MEDIUM] CVE-2012-5158: puppet - Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when t... Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors. Scope: local bullseye: resolved

CVE-2012-1989 [LOW] CVE-2012-1989: puppet - telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x,... telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). Scope: local bullseye: resolved (fixed in 2.7.13-1)

CVE-2011-3871 [MEDIUM] CVE-2011-3871: puppet - Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --ed... Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Scope: local bullseye: resolved (fixed in 2.7.3-3)

CVE-2011-3870 [MEDIUM] CVE-2011-3870: puppet - Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to... Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. Scope: local bullseye: resolved (fixed in 2.7.3-3)

CVE-2011-3848 [MEDIUM] CVE-2011-3848: puppet - Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before... Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25. Scope: local bullseye: resolved (fixed in 2.7.3-2)

CVE-2011-0528 [MEDIUM] CVE-2011-0528: puppet - Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, ... Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors. Scope: local bullseye: resolved (fixed in 2.6.2-3)

CVE-2011-3869 [MEDIUM] CVE-2011-3869: puppet - Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to... Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. Scope: local bullseye: resolved (fixed in 2.7.3-3)

CVE-2011-3872 [LOW] CVE-2011-3872: puppet - Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Us... Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent th

CVE-2010-0156 [LOW] CVE-2010-0156: puppet - Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overw... Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. Scope: local bullseye: resolved (fixed in 0.25.4-2)

CVE-2009-3564 [MEDIUM] CVE-2009-3564: puppet - puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switc... puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files. Scope: local bullseye: resolved (fixed in 0.25.1-3)