CVE-2012-1989
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
27/06/2012
Last modified:
11/04/2025
Description
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Impact
Base Score 2.0
3.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
- http://projects.puppetlabs.com/issues/13606
- http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
- http://puppetlabs.com/security/cve/cve-2012-1989/
- http://secunia.com/advisories/48743
- http://secunia.com/advisories/48748
- http://secunia.com/advisories/49136
- http://ubuntu.com/usn/usn-1419-1
- http://www.securityfocus.com/bid/52975
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
- https://hermes.opensuse.org/messages/15087408
- http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
- http://projects.puppetlabs.com/issues/13606
- http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
- http://puppetlabs.com/security/cve/cve-2012-1989/
- http://secunia.com/advisories/48743
- http://secunia.com/advisories/48748
- http://secunia.com/advisories/49136
- http://ubuntu.com/usn/usn-1419-1
- http://www.securityfocus.com/bid/52975
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
- https://hermes.opensuse.org/messages/15087408