Novell Home

CVE-2012-3865

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-3865 at MITRE

Description

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.

NVD CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 770829

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • puppet >= 2.6.17-0.3.1
sles11-sp2.s390x
sled11-sp2.x86
sles11-sp2.ppc
sles11-sp2.x86-64
sles11-sp1.x86
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sled11-sp1.x86-64
sles11-sp1-vmware.x86
sles11-sp2.x86
sles11-sp1.ppc
sles11-sp2.ia64
sled11-sp2.x86-64
sles11-sp1.x86-64
sles11-sp1.ia64
sled11-sp1.x86
SAT Patch Nr: 6561
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • puppet >= 2.6.17-0.3.1
  • puppet-server >= 2.6.17-0.3.1
sles11-sp2.s390x
sled11-sp2.x86
sles11-sp2.ppc
sles11-sp2.x86-64
sles11-sp1.x86
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sled11-sp1.x86-64
sles11-sp1-vmware.x86
sles11-sp2.x86
sles11-sp1.ppc
sles11-sp2.ia64
sled11-sp2.x86-64
sles11-sp1.x86-64
sles11-sp1.ia64
sled11-sp1.x86
SAT Patch Nr: 6561

© 2014 Novell