Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerabilities (USN-1223-1)

Medium Nessus Plugin ID 56375


The remote Ubuntu host is missing a security-related patch.


It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files, which could be used to escalate privileges.

Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. (CVE-2011-3870)

It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. (CVE-2011-3871)

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected puppet-common package.

Plugin Details

Severity: Medium

ID: 56375

File Name: ubuntu_USN-1223-1.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2011/10/03

Modified: 2016/05/26

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:puppet-common, cpe:/o:canonical:ubuntu_linux:10.04:-:lts, cpe:/o:canonical:ubuntu_linux:10.10, cpe:/o:canonical:ubuntu_linux:11.04

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 2011/09/30

Reference Information

CVE: CVE-2011-3869, CVE-2011-3870, CVE-2011-3871

OSVDB: 75986, 75988, 75989

USN: 1223-1