Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
It was discovered that Puppet unsafely opened files when the k5login
type is used to manage files. A local attacker could exploit this to
overwrite arbitrary files which could be used to escalate privileges.
Ricky Zhou discovered that Puppet did not drop privileges when
creating SSH authorized_keys files. A local attacker could exploit
this to overwrite arbitrary files as root. (CVE-2011-3870)
It was discovered that Puppet used a predictable filename when using
the --edit resource. A local attacker could exploit this to edit
arbitrary files or run arbitrary code as the user invoking the
program, typically root. (CVE-2011-3871).
Update the affected puppet-common package.
Risk factor :
Medium / CVSS Base Score : 6.3
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 56375 ()
CVE ID: CVE-2011-3869CVE-2011-3870CVE-2011-3871
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.