CVE-2011-3870

Publication date 1 October 2011

Last updated 24 July 2024

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
puppet	11.04 natty	Fixed 2.6.4-2ubuntu2.3
	10.10 maverick	Fixed 2.6.1-0ubuntu2.2
	10.04 LTS lucid	Fixed 0.25.4-2ubuntu6.3
	8.04 LTS hardy	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1223-1
Puppet vulnerabilities
30 September 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-3870