Type: Local Privilege Escalation
Previously, puppet resource in --edit mode used an extremely predictable file name. The file persisted on human timescales, its name could be known well ahead of creation, and its contents would be run as the invoking user upon completion of the operation.
This could be exploited to trick the invoking user into editing an arbitrary target file or running arbitrary Puppet code. Because puppet resource is not very effective unless run as root, the potential effect of an attack was quite high.
- Resolved in Puppet 2.6.11 and 2.7.5
- Puppet Enterprise Hotfixes released as part of CVE-2011-3869 resolution: http://puppetlabs.com/security/hotfixes/cve-2011-3869-hotfixes/
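
The file-creation pattern described above, next to two safer ways to create the edit file, as an added Ruby example that is not Puppet's code. The file name, helper names and directory layout are constructed for illustration.

```ruby
require 'tmpdir'
require 'tempfile'

# Fixed name in a shared directory: the pattern the advisory describes.
# The name is a constructed placeholder, not the name Puppet used.
def predictable_path(dir)
  File.join(dir, 'resource-edit.pp')
end

# Weak open: accepts whatever already sits at the path and follows symlinks.
def open_weak(path)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600)
end

# Strict open: O_EXCL fails if anything (file or symlink) already exists,
# so a pre-existing entry is detected instead of used.
def open_strict(path)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600)
rescue Errno::EEXIST
  nil
end

# Preferred: Tempfile picks an unguessable name and creates the file
# exclusively with mode 0600.
def open_random(dir)
  Tempfile.create(['resource-edit-', '.pp'], dir)
end

def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, 'target.conf') # stands in for an unrelated file
    File.write(target, "original\n")
    File.symlink(target, predictable_path(dir)) # entry present before the edit

    weak = open_weak(predictable_path(dir))
    weak.write("edited\n")
    weak.close
    strict = open_strict(predictable_path(dir))
    rnd = open_random(dir)
    result = { weak_wrote_through_link: File.read(target) == "edited\n",
               strict_refused: strict.nil?,
               random_is_regular_file: File.lstat(rnd.path).file?,
               random_mode: File.stat(rnd.path).mode & 0o777,
               random_differs: rnd.path != predictable_path(dir) }
    rnd.close
    result
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The weak open edits the unrelated file through the pre-existing link, while the exclusive open refuses the path and the randomly named file is a fresh regular file readable only by its owner.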