CVE-2012-1053

high

Description

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

References

https://hermes.opensuse.org/messages/15087408

https://exchange.xforce.ibmcloud.com/vulnerabilities/73445

http://www.securityfocus.com/bid/52158

http://www.osvdb.org/79495

http://www.debian.org/security/2012/dsa-2419

http://ubuntu.com/usn/usn-1372-1

http://secunia.com/advisories/48290

http://secunia.com/advisories/48166

http://secunia.com/advisories/48161

http://secunia.com/advisories/48157

http://puppetlabs.com/security/cve/cve-2012-1053/

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14

http://projects.puppetlabs.com/issues/12459

http://projects.puppetlabs.com/issues/12458

http://projects.puppetlabs.com/issues/12457

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html

Details

Source: Mitre, NVD

Published: 2012-05-29

Updated: 2019-07-11

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High