Overview

CVE-2012-1906 (Arbitrary Code Execution)

A bug in Puppet uses a predictable filename in /tmp.

When installing Mac OS X packages from a remote source, Puppet uses a predictable filename in /tmp to store the package. Using a symlink at that filename, it is possible to either overwrite arbitrary files on the system or to install an arbitrary package. (Note that OS X package installers can also execute arbitrary code.)

Status

  • Resolved in Puppet 2.6.15 (source), 2.7.13 (source), rpm, deb, dmg
  • Resolved in Puppet Enterprise 1.2.5 and 2.5.1
  • Hotfixes available for Puppet Enterprise 1.0, 1.1, 1.2.x, and 2.0.x

Hotfixes