CVE-2012-1053

Sažetak

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
http://projects.puppetlabs.com/issues/12457
http://projects.puppetlabs.com/issues/12458
http://projects.puppetlabs.com/issues/12459
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
http://puppetlabs.com/security/cve/cve-2012-1053/
http://secunia.com/advisories/48157
http://secunia.com/advisories/48161
http://secunia.com/advisories/48166
http://secunia.com/advisories/48290
http://ubuntu.com/usn/usn-1372-1
http://www.debian.org/security/2012/dsa-2419
http://www.osvdb.org/79495
http://www.securityfocus.com/bid/52158
https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
https://hermes.opensuse.org/messages/15087408

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2019 - 15:09

Objavljeno

29-05-2012 - 20:55