CVE-2012-1906 (Arbitrary Code Execution)
Puppet stores a file under a predictable filename in /tmp.
When installing Mac OS X packages from a remote source, Puppet uses a predictable filename in /tmp to store the package. Using a symlink at that filename, it is possible to either overwrite arbitrary files on the system or to install an arbitrary package. (Note that OS X package installers can also execute arbitrary code.)
- Resolved in Puppet 2.6.15 (source), 2.7.13 (source), rpm, deb, dmg
- Resolved in Puppet Enterprise 1.2.5 and 2.5.1
- Hotfixes available for Puppet Enterprise 1.0, 1.1, 1.2.x, and 2.0.x
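
The file-handling flaw described above, reproduced in a throwaway sandbox as an added Ruby example (not Puppet's code and not the fix that shipped): a write to a predictable path in a shared directory, next to an exclusive create inside a private temporary directory. The function names, the `example.pkg` filename and the sandbox layout are assumptions made for illustration.

```ruby
require "tmpdir"

PKG_BYTES = "constructed package bytes" # constructed sample, not a real package

# Unsafe: the path depends only on the package name, and mode "w" follows
# a symlink that another local user created there first.
def store_predictable(shared_dir, pkg_name, data)
  File.open(File.join(shared_dir, pkg_name), "w") { |f| f.write(data) }
end

# Exclusive, no-follow create: raises Errno::EEXIST if anything, including
# a symlink, already occupies the path (File::NOFOLLOW is POSIX-only).
def write_exclusive(path, data)
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(path, flags, 0o600) { |f| f.write(data) }
  path
end

# Safer: Dir.mktmpdir makes a fresh mode-0700 directory with a random name,
# so no other user can place an entry where the package will be written.
def store_private(shared_dir, pkg_name, data)
  dir = Dir.mktmpdir("pkg-", shared_dir)
  write_exclusive(File.join(dir, File.basename(pkg_name)), data)
end

# Sandbox run: "tmp" stands in for /tmp, and a symlink is already planted
# at the predictable name, pointing at a file the installer can write to.
def demo
  Dir.mktmpdir("sandbox-") do |root|
    shared = File.join(root, "tmp")
    Dir.mkdir(shared)
    victim = File.join(root, "victim.conf")
    planted = File.join(shared, "example.pkg")
    File.write(victim, "original")
    File.symlink(victim, planted)
    refused = begin
      write_exclusive(planted, PKG_BYTES) && false
    rescue Errno::EEXIST
      true
    end
    safe_path = store_private(shared, "example.pkg", PKG_BYTES)
    untouched = File.read(victim) == "original"
    store_predictable(shared, "example.pkg", PKG_BYTES)
    { exclusive_refused: refused, private_left_victim_alone: untouched,
      private_dir_mode: File.stat(File.dirname(safe_path)).mode & 0o777,
      predictable_overwrote_victim: File.read(victim) == PKG_BYTES }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Everything happens under a directory created by `Dir.mktmpdir` and removed when `demo` returns, so no real file in /tmp is touched.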