CVE-2012-1989 (Arbitrary File Write Access)

A bug in Puppet uses a predictable file name and allows writing to files on the puppet master.

The telnet connection type for managing network devices opens a NET::Telnet connection whose output log is written to a predictable location (/tmp/out.log). That log can be replaced by a symlink to an arbitrary location, potentially overwriting files.
Note: This only affects the 2.7 series of Puppet.


  • Resolved in 2.7.13 (source), rpm, deb
  • Resolved in Puppet Enterprise 2.5.1
  • Hotfixes available for Puppet Enterprise 2.0.x


Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.