首页   注册   登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Coding
V2EX  ›  Puppet

Puppet 出现两个漏洞:任意代码执行、模块权限绕过,大家尽快升级!

  •  
  •   ptcracker · 2013-08-28 18:45:13 +08:00 · 3970 次点击
    这是一个创建于 2296 天前的主题,其中的信息可能已经有所发展或是发生改变。
    _______________________________________________________________________

    Package : puppet
    Date : August 27, 2013
    _______________________________________________________________________

    Problem Description:

    Updated puppet and puppet3 package fix security vulnerabilities:

    It was discovered that Puppet incorrectly handled the resource_type
    service. A local attacker on the master could use this issue to
    execute arbitrary Ruby files (CVE-2013-4761).

    It was discovered that Puppet incorrectly handled permissions on the
    modules it installed. Modules could be installed with the permissions
    that existed when they were built, possibly exposing them to a local
    attacker (CVE-2013-4956).
    _______________________________________________________________________

    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
    http://advisories.mageia.org/MGASA-2013-0259.html
    _______________________________________________________________________
    目前尚无回复
    关于   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   感谢   ·   实用小工具   ·   1070 人在线   最高记录 5043   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.3 · 24ms · UTC 19:09 · PVG 03:09 · LAX 11:09 · JFK 14:09
    ♥ Do have faith in what you're doing.