CVE-2012-1989

Published: Jun 27, 2012Modified: Apr 29, 2026

3.6

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability: 3.9 / Impact: 4.9

Source: NVD

Description

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

Affected (20)

Products: Puppet: Puppet, Puppet Enterprise · Puppetlabs: Puppet

2 products

Puppet Enterprise

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet	Version 2.7.10
Puppet Puppet	Version 2.7.11
Puppet Puppet	Version 2.7.12
Puppet Puppet	Version 2.7.3
Puppet Puppet	Version 2.7.4
Puppet Puppet	Version 2.7.5
Puppet Puppet	Version 2.7.6
Puppet Puppet	Version 2.7.8
Puppet Puppet	Version 2.7.9
Puppetlabs Puppet	Version 2.7.0
Puppetlabs Puppet	Version 2.7.1

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	Version 1.2.0
Puppet Puppet Enterprise	Version 1.2.1
Puppet Puppet Enterprise	Version 1.2.2
Puppet Puppet Enterprise	Version 1.2.3
Puppet Puppet Enterprise	Version 1.2.4
Puppet Puppet Enterprise	Version 2.0.0
Puppet Puppet Enterprise	Version 2.0.1
Puppet Puppet Enterprise	Version 2.0.2
Puppet Puppet Enterprise	Version 2.5.0

Related CWEs

References (22)

http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html

Source: cve@mitre.org

http://projects.puppetlabs.com/issues/13606

Source: cve@mitre.org

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13

Source: cve@mitre.org

http://puppetlabs.com/security/cve/cve-2012-1989/

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/48743

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/48748

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/49136

Source: cve@mitre.org

Vendor Advisory

http://ubuntu.com/usn/usn-1419-1

Source: cve@mitre.org

http://www.securityfocus.com/bid/52975

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/74797

Source: cve@mitre.org

https://hermes.opensuse.org/messages/15087408

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://projects.puppetlabs.com/issues/13606

Source: af854a3a-2127-422b-91ae-364da2661108

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13

Source: af854a3a-2127-422b-91ae-364da2661108

http://puppetlabs.com/security/cve/cve-2012-1989/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/48743

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/48748

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/49136

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://ubuntu.com/usn/usn-1419-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/52975

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/74797

Source: af854a3a-2127-422b-91ae-364da2661108

https://hermes.opensuse.org/messages/15087408

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.