Summary: | <app-admin/puppet-2.7.11: Group Privileges Security Issue and K5login Privilege Escalation Vulnerability (CVE-2012-{1053,1054}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Matthew Marlowe (RETIRED) <mattm>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | major | CC: | matsuu
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://secunia.com/advisories/48166/ | |
Whiteboard: | B1 [glsa] | |
Package list: | | Runtime testing required: | ---
Description
Matthew Marlowe (RETIRED)
2012-02-15 21:52:59 UTC
Created attachment 302079
2.7.x patch
Matthew, thanks for the bug. Please let us know when there is a timeline for disclosure. If you're able to attach an ebuild to this bug we can ask folks to test it before the issues become public.

Three new notes:

- when vulnerability is released, puppet labs plans to also label 2.7.10 a bad release due to other QA issues (I note that 2.7.10 isn't in tree now, so I guess that's good).
- Security vulnerability will likely become public on either Tuesday or Wednesday so within the next 48hrs or so
- While I'm an active user of puppet on gentoo and helping with communication between puppet labs and gentoo, matsuu has been maintaining the ebuilds and I cc'd him on this bug to ensure he had heads up. Of course, if he isn't available - I or most any devs can handle putting out a bump/patch. I'm happy to help wherever I can.
- At same time as making announcement, puppet labs will be releasing early 2.7.11 and 2.6.14 ...so it may be more like a normal bump than creating an r1/etc

These issues are now public.
http://puppetlabs.com/security/cve/cve-2012-1053/
http://puppetlabs.com/security/cve/cve-2012-1054/

sorry for delay. 2.7.11 in cvs. please mark stable 2.7.11

Arches, please test and mark stable: =app-admin/puppet-2.7.11
Target keywords : "amd64 hppa ppc sparc x86"

Stable for HPPA.

ppc done

amd64 stable

x86 stable

sparc stable

thanks folks. already part of an existing GLSA request.

This issue was resolved and addressed in GLSA 201203-03 at http://security.gentoo.org/glsa/glsa-201203-03.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2012-1054 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1054): Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.

CVE-2012-1053 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1053): The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
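
The three CVE-2012-1053 vectors listed above can be checked for by comparing process credentials before and after a user switch. The following Ruby check is an added example, not Puppet's code and not part of this bug report; `Creds`, `snapshot`, `audit_drop` and `demo` are hypothetical names, and all numeric ids are constructed sample values.

```ruby
# Added example, not Puppet's code. Creds, snapshot and audit_drop are
# hypothetical names; all numeric ids below are constructed sample values.
Creds = Struct.new(:ruid, :euid, :rgid, :egid, :groups)

# Capture the calling process's current credentials.
def snapshot
  Creds.new(Process.uid, Process.euid, Process.gid, Process.egid, Process.groups)
end

# Compare credentials taken before and after a switch to the target account.
# uid/gid are the target's ids, allowed its supplementary gids.
# Returns an array of findings; an empty array means nothing was left behind.
def audit_drop(before, after, uid, gid, allowed)
  findings = []
  extra = after.groups - (allowed + [gid])
  # Vector 3: the privileged process's real gid sits in the supplementary list.
  if extra.include?(before.rgid)
    findings << :old_rgid_in_groups
    extra -= [before.rgid]
  end
  # Vector 1: other supplementary groups of the privileged process survive.
  findings << :supplementary_groups_kept unless extra.empty?
  # Vector 2: effective uid switched, effective gid still the old one.
  findings << :egid_not_changed if after.euid == uid && after.egid != gid
  findings
end

# Constructed scenario: root (gid 0, groups 0/4/27) switching to uid 1000,
# gid 1000, whose only supplementary group is 100.
def demo
  root = Creds.new(0, 0, 0, 0, [0, 4, 27])
  {
    clean:       Creds.new(0, 1000, 0, 1000, [1000, 100]),
    groups_kept: Creds.new(0, 1000, 0, 1000, [1000, 4, 27]),
    egid_stale:  Creds.new(0, 1000, 0, 0,    [1000, 100]),
    rgid_added:  Creds.new(0, 1000, 0, 1000, [1000, 100, 0])
  }.transform_values { |after| audit_drop(root, after, 1000, 1000, [100]) }
end

demo.each { |name, findings| puts "#{name}: #{findings.inspect}" }
```

In a test around real privilege-switching code, call `snapshot` before the switch and again inside the switched context, then pass both to `audit_drop` with the target account's ids.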