This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
The puppet 2.6.14 release notes summarize the issues as group and user
privilege escalations, as follows :
A bug in Puppet gives unexpected and improper group privileges to
execs and types/providers. When executing commands as a different
user, Puppet leaves the forked process with Puppet's own group
If a user's .k5login file is a symlink, Puppet will overwrite the
link's target when managing that user's login file with the k5login
resource type. This allows local privilege escalation by linking a
user's .k5login file to root's .k5login file.
See also :
Run 'yum update puppet' to update your system.
Risk factor :
Medium / CVSS Base Score : 6.9