Ubuntu Security Notice (C) 2014-2015 Canonical, Inc. / NASL script (C) 2014-2015 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
USN-2077-1 fixed a vulnerability in Puppet. The upstream patch
introduced a regression resulting in the default file mode being
incorrect. This update fixes the problem.
We apologize for the inconvenience.
It was discovered that Puppet incorrectly handled temporary files. A
local attacker could possibly use this issue to overwrite arbitrary
files. In the default installation of Ubuntu, this should be prevented
by the Yama link restrictions.
Update the affected puppet-common package.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 6.0
Public Exploit Available : true
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 71895 ()
Bugtraq ID: 64552