puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
References
Link | Resource |
---|---|
http://projects.reductivelabs.com/issues/1806 | Patch Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=475201 | Exploit Issue Tracking Third Party Advisory |
https://puppet.com/security/cve/cve-2009-3564 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-10-06T17:22:00
Updated: 2017-12-08T10:57:01
Reserved: 2009-10-05T00:00:00
Link: CVE-2009-3564
JSON object: View
NVD Information
Status : Analyzed
Published: 2009-10-06T17:30:00.217
Modified: 2024-06-10T19:15:06.100
Link: CVE-2009-3564
JSON object: View
Redhat Information
No data.
CWE