791002 – (CVE-2012-1054) CVE-2012-1054 Puppet 2.6.13 Klogin File Handling Issue

Bug 791002 (CVE-2012-1054) - CVE-2012-1054 Puppet 2.6.13 Klogin File Handling Issue

Summary: CVE-2012-1054 Puppet 2.6.13 Klogin File Handling Issue

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2012-1054
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	790898 790917 801972 801974 809594
Blocks:	742180 767031
TreeView+	depends on / blocked

Reported:	2012-02-15 22:09 UTC by Kurt Seifried
Modified:	2021-02-24 13:08 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-04-17 21:50:54 UTC
Embargoed:

Attachments	(Terms of Use)
Patch for CVE-2012-1053 and CVE-2012-1054 (41.72 KB, patch) 2012-02-15 22:28 UTC, Kurt Seifried	no flags	Details \| Diff
View All

Description Kurt Seifried 2012-02-15 22:09:31 UTC

There have been two vulnerabilities discovered in Puppet
(CVE-2012-1053 and CVE-2012-1054).  Puppet Labs is currently working
with distribution
maintainers, as well as key customers to ensure we are able to patch
this vulnerability before it is exploited.

The CVEs and issues have not been made public yet. We appreciate your
discretion at this time. We have included patches for 2.6.x and 2.7.x.
If you need help with patches for other series or versions of Puppet,
please let us know.


# Summary #

(#12460) Klogin type will write to untrusted locations (write through symlinks)

#12460 - Klogin File Handling Issue (Write through symlink)

High risk for users of this type. Users can symlink to arbitrary files, causing
them to be overwritten, such as other klogin files (including root).

Comment 3 Kurt Seifried 2012-02-15 22:21:50 UTC

This is embargoed, no release date has been set yet, I have contacted PuppetLabs and requested more information.

Comment 4 Kurt Seifried 2012-02-15 22:28:25 UTC

Created attachment 562349 [details]
Patch for CVE-2012-1053 and CVE-2012-1054

Comment 6 Todd Zullinger 2012-02-22 05:47:06 UTC

Per conversation with Michael Stahnke at Puppet Labs, the release that was planned for tonight has been pushed to tomorrow.  I noticed a minor regression in the 2.6.14 packages we'll be using, so they're going to fix that up before release.

Comment 7 Vincent Danen 2012-02-23 17:06:50 UTC

External Reference:

http://puppetlabs.com/security/cve/cve-2012-1054/

Comment 8 Kurt Seifried 2012-03-10 00:50:30 UTC

Created puppet tracking bugs for this issue

Affects: fedora-all [bug 801972]

Comment 9 Kurt Seifried 2012-03-10 00:51:49 UTC

Created puppet tracking bugs for this issue

Affects: epel-all [bug 801974]

Comment 10 Fedora Update System 2012-03-10 21:52:51 UTC

puppet-2.6.14-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2012-03-10 21:53:14 UTC

puppet-2.6.14-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2012-03-11 17:02:06 UTC

puppet-2.6.14-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2012-03-11 18:53:23 UTC

puppet-2.6.14-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2012-03-11 18:53:41 UTC

puppet-2.6.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.