Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2011-11)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.120501

Kategorie: Amazon Linux Local Security Checks

Titel: Amazon Linux: Security Advisory (ALAS-2011-11)

Zusammenfassung: The remote host is missing an update for the 'puppet' package(s) announced via the ALAS-2011-11 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'puppet' package(s) announced via the ALAS-2011-11 advisory.

Vulnerability Insight:
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.

Affected Software/OS:
'puppet' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.3

CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-3869
Debian Security Information: DSA-2314 (Google Search)
http://www.debian.org/security/2011/dsa-2314
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
http://secunia.com/advisories/46458
http://www.ubuntu.com/usn/USN-1223-1
http://www.ubuntu.com/usn/USN-1223-2
Common Vulnerability Exposure (CVE) ID: CVE-2011-3870
Common Vulnerability Exposure (CVE) ID: CVE-2011-3871

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.120501
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2011-11)
Zusammenfassung:	The remote host is missing an update for the 'puppet' package(s) announced via the ALAS-2011-11 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'puppet' package(s) announced via the ALAS-2011-11 advisory. Vulnerability Insight: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. Affected Software/OS: 'puppet' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.3 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3869 Debian Security Information: DSA-2314 (Google Search) http://www.debian.org/security/2011/dsa-2314 http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html http://secunia.com/advisories/46458 http://www.ubuntu.com/usn/USN-1223-1 http://www.ubuntu.com/usn/USN-1223-2 Common Vulnerability Exposure (CVE) ID: CVE-2011-3870 Common Vulnerability Exposure (CVE) ID: CVE-2011-3871
Copyright	Copyright (C) 2015 Greenbone AG