Информационная безопасность
[RU] switch to English


Уязвимости безопасности в puppet
Опубликовано:2 октября 2013 г.
Источник:
SecurityVulns ID:13313
Тип:локальная
Уровень опасности:
5/10
Описание:Выполнение кода, повышение привилегий.
Затронутые продукты:PUPPET : Puppet 3.2
CVE:CVE-2013-4956 (Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.)
 CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.)
Оригинальный текстdocumentUBUNTU, [USN-1928-1] Puppet vulnerabilities (02.10.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород