Bug 856843 (CVE-2013-4969) - VUL-0: CVE-2013-4969: puppet: Unsafe use of Temp files in File type (Local Privilege Escalation)
Status: RESOLVED FIXED
Alias: CVE-2013-4969
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Deadline: 2014-06-27
Assignee: Kristyna Streitova
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp1:58064 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-27 10:58 UTC by Marcus Meissner
Modified: 2014-10-01 20:55 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Fix for tempfile vulnerability CVE-2013-4969 (4.83 KB, patch)
2014-01-14 08:57 UTC, Alexander Bergmann

Description Marcus Meissner 2013-12-27 10:58:59 UTC
via direct contact.

CVE-2013-4969

Puppet Labs has become aware of a security vulnerability in Puppet.

This vulnerability was discovered internally and has not been publicly
disclosed. We appreciate your consideration to the sensitivity of this
information, and respectfully ask that you refrain from publicly
disclosing the contents of this email until our planned disclosure
date, Thursday, December 26, 2013, UTC 18:00.

We have attached patches for the following versions of puppet in the
2.7.x and 3.3.x series:

* 2.7.x - CVE-2013-4969-2.7.x-temp-file.patch
* 3.3.x - CVE-2013-4969-3.3.x-temp-file.patch

While the Puppet 2.7.x series is officially end of life, a few brave
community members have offered to continue unofficial maintenance of
2.7.x for a short time. For this release, Sam Kottler has offered his
assistance applying the 2.7.x patch. If you require assistance with
the 2.7.x patch, please contact Sam Kottler at s@shk.io. Along with
Puppet 3.3.3, a "community" release of Puppet 2.7.24 will be issued on
our stated disclosure date.

If you have trouble with the 3.3.x patch, please let us know and we
will attempt to assist as much as possible.

# Vulnerability Summary #

CVE-2013-4969
Unsafe use of Temp files in File type (Local Privilege Escalation)
Assessed Risk Level: Medium

Puppet uses temp files unsafely by looking for a name it can use in a
directory, and then later writing to that file, creating a
vulnerability in which an attacker could make the name a symlink to
another file and thereby cause the puppet agent to overwrite something
that it did not intend to. The degree of difficulty to exploit this
vulnerability is high. We have not actually exploited this
vulnerability successfully.

# Commits in Fixes #
These commits will be in the 2.7.24 and 3.3.3 releases of Puppet, respectively.

2.7.24
======
691fbbe (#23343) Use `replace_file` to update a file's contents

3.3.3
======
2bcd29c (#23343) Use `replace_file` to update a file's contents


If you have any questions or need additional clarification, please
respond to distro-maintainers@puppetlabs.com

Thank you,
Moses Mendoza
Puppet Labs
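
The check-then-write pattern described in the vulnerability summary above, next to one hardened alternative, as an added Ruby example. It is not Puppet's code and not the `replace_file` implementation named in the fix commits; the function names, file names and scratch directory are constructed for illustration.

```ruby
require 'tmpdir'
require 'securerandom'

# Pattern from the advisory: look for a usable name, write to it later.
# File.write follows symlinks, so whatever sits at that name at write time
# decides where the data lands. The block stands in for the check/use window.
def unsafe_write(dir, content)
  tmp = File.join(dir, 'puppet_tmp')        # constructed, predictable name
  raise 'name in use' if File.exist?(tmp)   # check
  yield tmp if block_given?                 # time passes here
  File.write(tmp, content)                  # use
  tmp
end

# Hardened form: O_CREAT|O_EXCL creates the temp file atomically and fails on
# any existing entry (symlinks included); rename(2) then swaps the name
# itself and never follows a link at the destination.
def atomic_replace(path, content, mode = 0o644)
  tmp = File.join(File.dirname(path),
                  ".#{File.basename(path)}.#{SecureRandom.hex(8)}")
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(content)
    f.fsync
    f.chmod(mode)
  end
  begin
    File.rename(tmp, path)
  rescue SystemCallError
    File.unlink(tmp)
    raise
  end
  path
end

# Runs both forms in a scratch directory against constructed files.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, 'victim')
    File.write(victim, 'original')
    unsafe_write(dir, 'new') { |tmp| File.symlink(victim, tmp) }
    after_unsafe = File.read(victim)
    File.write(victim, 'original')
    dest = File.join(dir, 'managed.conf')
    File.symlink(victim, dest)
    atomic_replace(dest, 'new')
    { after_unsafe: after_unsafe, after_safe: File.read(victim),
      dest: File.read(dest), dest_is_link: File.symlink?(dest) }
  end
end
```

`demo` returns the contents of the unrelated file after each form has run: the check-then-write form has overwritten it, while the exclusive-create-and-rename form has replaced only the managed name.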
Comment 1 Marcus Meissner 2013-12-27 11:00:04 UTC
is public:

http://puppetlabs.com/security/cve/cve-2013-4969
Comment 2 Swamp Workflow Management 2013-12-27 23:00:47 UTC
bugbot adjusting priority
Comment 7 Alexander Bergmann 2014-01-14 08:57:08 UTC
Created attachment 574279
Fix for tempfile vulnerability CVE-2013-4969
Comment 9 Swamp Workflow Management 2014-06-13 13:19:19 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-06-27.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57825
Comment 12 Swamp Workflow Management 2014-07-08 16:04:36 UTC
Update released for: puppet, puppet-server
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 13 Swamp Workflow Management 2014-07-08 21:48:46 UTC
Update released for: puppet, puppet-server
Products:
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 14 Swamp Workflow Management 2014-07-09 01:04:54 UTC
SUSE-SU-2014:0880-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 856843,879913
CVE References: CVE-2013-4969,CVE-2014-3248,CVE-2014-3250
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    puppet-2.6.18-0.16.1
SUSE Linux Enterprise Server 11 SP3 (src):    puppet-2.6.18-0.16.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    puppet-2.6.18-0.16.1
Comment 15 Victor Pereira 2014-07-30 12:33:46 UTC
released and fixed
Comment 17 Marcus Meissner 2014-10-01 20:55:19 UTC
mark resolved