Overview

CVE-2012-1054 (Local User Privilege Escalation)

K5login type will write to untrusted locations

If a user's `.k5login` file is a symlink, Puppet will overwrite the
link's target when managing that user's login file with the k5login
resource type. This allows local privilege escalation by linking a
user's `.k5login` file to root's `.k5login` file.
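
The write behaviour described above, next to one way to avoid it, as an added Ruby example. It is not Puppet's code or the shipped fix; `naive_write`, `safe_write`, `demo` and the file names are hypothetical, and the principals are constructed sample data.

```ruby
require "tmpdir"
require "tempfile"

# Naive write: opening the path follows a symlink, so the content lands in
# whatever file the link points at.
def naive_write(path, content)
  File.write(path, content)
end

# Hardened write (assumed approach, not Puppet's patch): write a temp file in
# the same directory, then rename(2) it over the path. rename replaces the
# directory entry itself, so a symlink at `path` is replaced, not followed.
# Tempfile.create opens with O_CREAT|O_EXCL, which also refuses a planted link.
def safe_write(path, content, mode = 0o644)
  tmp = Tempfile.create([".k5login", ".tmp"], File.dirname(path))
  tmp_path = tmp.path
  begin
    tmp.write(content)
    tmp.chmod(mode)
    tmp.close
    File.rename(tmp_path, path)
  rescue StandardError
    tmp.close unless tmp.closed?
    File.unlink(tmp_path) if File.exist?(tmp_path)
    raise
  end
end

# Constructed scratch-directory demo: "victim" stands in for a file that only
# the managing process may write; "link" is the user-controlled path.
def demo
  Dir.mktmpdir do |d|
    victim = File.join(d, "victim_k5login")
    link   = File.join(d, "user_k5login")
    File.write(victim, "admin@EXAMPLE.COM\n")
    File.symlink(victim, link)

    naive_write(link, "user@EXAMPLE.COM\n")
    clobbered = File.read(victim) == "user@EXAMPLE.COM\n"

    File.write(victim, "admin@EXAMPLE.COM\n") # reset before the hardened run
    safe_write(link, "user@EXAMPLE.COM\n")
    { naive_clobbered: clobbered,
      victim_after_safe: File.read(victim),
      link_still_symlink: File.symlink?(link),
      link_content: File.read(link) }
  end
end
```

A real provider would also set the temp file's owner before the rename; that step is left out here.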

Status

  • Resolved in Puppet 2.6.14 (source), 2.7.11 (source), rpm, deb
  • Resolved in Puppet Enterprise 1.2.5 and 2.0.3
  • Hotfixes available for Puppet Enterprise 1.0, 1.1, and 1.2.x

Hotfixes