Debian: DSA-2314-1: puppet security update

    Date: 03 Oct 2011
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Multiple security issues have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-2314-1
    http://www.debian.org/security/                                 Nico Golde
    Oct 3, 2011                            http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : puppet
    Vulnerability  : multiple
    Problem type   : local/remote
    Debian-specific: no
    Debian bug     : none
    CVE IDs        : CVE-2011-3848 CVE-2011-3870 CVE-2011-3869 CVE-2011-3871
    
    Multiple security issues have been discovered in puppet, a centralized
    configuration management system.  The Common Vulnerabilities and Exposures
    project identifies the following problems:
    
    CVE-2011-3848
    
        Kristian Erik Hermansen reported that an unauthenticated
        directory traversal could drop any valid X.509 Certificate Signing
        Request at any location on disk, with the privileges of the Puppet
        Master application.
    
    CVE-2011-3870
    
        Ricky Zhou discovered a potential local privilege escalation in the
        ssh_authorized_keys resource and theoretically in the Solaris and
        AIX providers, where file ownership was given away before it was
        written, leading to a possibility for a user to overwrite arbitrary
        files as root, if their authorized_keys file was managed.
    
    CVE-2011-3869
    
        A predictable file name in the k5login type leads to the possibility
        of symlink attacks which would allow the owner of the home directory
        to symlink to anything on the system, and have it replaced with the
        "correct" content of the file, which can lead to a privilege escalation
        on puppet runs.
    
    CVE-2011-3871
    
        A potential local privilege escalation was found in the --edit mode
        of 'puppet resource' due to a persistent, predictable file name,
        which can result in editing an arbitrary target file, and thus be
        tricked into running that arbitrary file as the invoking
        user.  This command is most commonly run as root, so this leads to a
        potential privilege escalation.
    
    
    Additionally, this update hardens the indirector file backed terminus base
    class against injection attacks based on trusted path names.
    
    
    For the oldstable distribution (lenny), this problem will be fixed soon.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 2.6.2-5+squeeze1.
    
    For the testing distribution (wheezy), this has been fixed in
    version 2.7.3-3.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 2.7.3-3.
    
    We recommend that you upgrade your puppet packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
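
The symlink problem described under CVE-2011-3869, shown as an added Ruby example that is not Puppet's code or its actual patch: a writer that opens a fixed path directly, beside one that writes to a randomly named sibling file and renames it into place. The helper names and the files in the demo are constructed for illustration, and `File::NOFOLLOW` assumes a platform that provides O_NOFOLLOW (Linux does).

```ruby
require "fileutils"
require "securerandom"
require "tmpdir"

# Weak pattern: a fixed, predictable path is opened and followed blindly.
# If `path` is a symlink placed by the directory owner, the link target
# is the file that gets overwritten.
def naive_write(path, content)
  File.open(path, "w") { |f| f.write(content) }
end

# Hardened pattern: write to an unpredictable sibling name created with
# O_EXCL|O_NOFOLLOW, then rename() over the destination. rename() replaces
# the directory entry itself, so a symlink at `path` is never followed.
def safe_write(path, content, mode = 0o600)
  dir = File.dirname(path)
  tmp = File.join(dir, ".#{File.basename(path)}.#{SecureRandom.hex(8)}")
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  begin
    File.open(tmp, flags, mode) do |f|
      f.write(content)
      f.fsync
    end
    File.rename(tmp, path)
  rescue StandardError
    FileUtils.rm_f(tmp) # do not leave a partial temp file behind
    raise
  end
  path
end

# Constructed scenario: returns [victim content, target still a symlink?,
# content read through target] after running the chosen writer.
def demo(writer)
  Dir.mktmpdir do |home|
    victim = File.join(home, "victim.conf") # stands in for a sensitive file
    target = File.join(home, ".k5login")    # managed file named in the advisory
    File.write(victim, "original\n")
    File.symlink(victim, target)            # link already present before the run
    send(writer, target, "managed\n")
    [File.read(victim), File.symlink?(target), File.read(target)]
  end
end
```

When the directory itself belongs to an unprivileged user, the rename only protects the final path component; performing the write with that user's privileges removes the remaining exposure.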
    