Novell Home

CVE-2012-1053

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-1053 at MITRE

Description

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 747657

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • puppet >= 2.6.12-0.12.1
sles11-sp1.x86-64
sles11-sp1.ppc
sles11-sp1-vmware.x86-64
sles11-sp1-vmware.x86-64
sles11-sp1.s390x
sles11-sp1.ia64
sled11-sp1.x86-64
sles11-sp1-vmware.x86
sles11-sp1-vmware.x86
sled11-sp1.x86-64
sles11-sp2.ppc
sles11-sp2.x86
sles11-sp1.x86
sles11-sp2.x86-64
sled11-sp2.x86
sles11-sp1.x86-64
sles11-sp1.ia64
sles11-sp2.s390x
sled11-sp1.x86
sles11-sp1.ppc
sles11-sp2.ia64
sles11-sp1.x86
sled11-sp2.x86-64
sles11-sp1.s390x
sled11-sp1.x86
SAT Patch Nr: 5876
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • puppet >= 2.6.12-0.12.1
  • puppet-server >= 2.6.12-0.12.1
sles11-sp1.x86-64
sles11-sp1.ppc
sles11-sp1-vmware.x86-64
sles11-sp1-vmware.x86-64
sles11-sp1.s390x
sles11-sp1.ia64
sled11-sp1.x86-64
sles11-sp1-vmware.x86
sles11-sp1-vmware.x86
sled11-sp1.x86-64
sles11-sp2.ppc
sles11-sp2.x86
sles11-sp1.x86
sles11-sp2.x86-64
sled11-sp2.x86
sles11-sp1.x86-64
sles11-sp1.ia64
sles11-sp2.s390x
sled11-sp1.x86
sles11-sp1.ppc
sles11-sp2.ia64
sles11-sp1.x86
sled11-sp2.x86-64
sles11-sp1.s390x
sled11-sp1.x86
SAT Patch Nr: 5876

© 2014 Novell