Arbitrary File Overwrite Vulnerability in Puppet 2.7.x and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x

Arbitrary File Overwrite Vulnerability in Puppet 2.7.x and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x

CVE-2012-1989 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:P

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

Learn more about our User Device Pen Test.