Red Hat Bugzilla – Bug 837339
CVE-2012-1989 puppet: Insecure temporary file use for NET::Telnet connection log (/tmp/out.log)
Last modified: 2014-11-20 15:11:06 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-1989 to the following vulnerability: telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). References: [1] http://projects.puppetlabs.com/issues/13606 [2] http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 [3] http://puppetlabs.com/security/cve/cve-2012-1989/ [4] http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html [5] http://ubuntu.com/usn/usn-1419-1 [6] http://www.securityfocus.com/bid/52975 [7] http://secunia.com/advisories/48743 [8] http://secunia.com/advisories/48748 [9] http://secunia.com/advisories/49136 [10] http://xforce.iss.net/xforce/xfdb/74797 Relevant upstream patch seems to be the following: [11] https://github.com/puppetlabs/puppet/commit/91e7ce478649490d87684661f79d70b5ca46ddd0
This issue did NOT affect the versions of the puppet package, as shipped with Fedora release of 16 and 17. -- This issue did NOT affect the versions of the puppet package, as shipped with Fedora EPEL 5 and 6.
As listed in the upstream advisory, this issue only affected 2.7.x versions. Only Fedora 17 and Rawhide have this version and are already using fixed 2.7.13. Fedora 17 did not include previous 2.7.x version and hence was never affected by this issue. External Reference: http://puppetlabs.com/security/cve/cve-2012-1989/