ID de Prueba:	1.3.6.1.4.1.25623.1.0.120501
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2011-11)
Resumen:	The remote host is missing an update for the 'puppet' package(s) announced via the ALAS-2011-11 advisory.
Descripción:	Summary: The remote host is missing an update for the 'puppet' package(s) announced via the ALAS-2011-11 advisory. Vulnerability Insight: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. Affected Software/OS: 'puppet' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.3 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3869 Debian Security Information: DSA-2314 (Google Search) http://www.debian.org/security/2011/dsa-2314 http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html http://secunia.com/advisories/46458 http://www.ubuntu.com/usn/USN-1223-1 http://www.ubuntu.com/usn/USN-1223-2 Common Vulnerability Exposure (CVE) ID: CVE-2011-3870 Common Vulnerability Exposure (CVE) ID: CVE-2011-3871
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.