CVE-2012-1054 (Local User Privilege Escalation)

K5login type will write to untrusted locations

If a user's .k5login file is a symlink, Puppet will overwrite the link's target when managing that user's login file with the k5login resource type. This allows local privilege escalation by linking a user's .k5login file to root's .k5login file.


  • Resolved in Puppet 2.6.14 (source), 2.7.11 (source), rpm, deb
  • Resolved in Puppet Enterprise 1.2.5 and 2.0.3
  • Hotfixes available for Puppet Enterprise 1.0, 1.1, and 1.2.x