CVE-2012-1053
Description
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-1053
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48290
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48166
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48161
Vendor advisory: cve@mitre.org — http://puppetlabs.com/security/cve/cve-2012-1053/
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bullseye | fixed | 2.7.11-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| puppet | puppet | 2.6.0 | |
| puppet | puppet | 2.6.1 | |
| puppet | puppet | 2.6.2 | |
| puppet | puppet | 2.6.3 | |
| puppet | puppet | 2.6.4 | |
| puppet | puppet | 2.6.5 | |
| puppet | puppet | 2.6.6 | |
| puppet | puppet | 2.6.7 | |
| puppet | puppet | 2.6.8 | |
| puppet | puppet | 2.6.9 | |
| puppet | puppet | 2.6.10 | |
| puppet | puppet | 2.6.11 | |
| puppet | puppet | 2.6.12 | |
| puppet | puppet | 2.6.13 | |
| puppet | puppet | 2.7.2 | |
| puppet | puppet | 2.7.3 | |
| puppet | puppet | 2.7.4 | |
| puppet | puppet | 2.7.5 | |
| puppet | puppet | 2.7.6 | |
| puppet | puppet | 2.7.7 | |
| puppet | puppet | 2.7.8 | |
| puppet | puppet | 2.7.9 | |
| puppet | puppet | 2.7.10 | |
| puppetlabs | puppet | 2.7.0 | |
| puppetlabs | puppet | 2.7.1 | |
| puppet | puppet_enterprise | 1.2.0 | |
| puppet | puppet_enterprise | 1.2.1 | |
| puppet | puppet_enterprise | 1.2.2 | |
| puppet | puppet_enterprise | 1.2.3 | |
| puppet | puppet_enterprise | 1.2.4 | |
| puppet | puppet_enterprise | 2.0.0 | |
| puppet | puppet_enterprise | 2.0.1 | |
| puppet | puppet_enterprise | 2.0.2 | |
| puppetlabs | puppet_enterprise_users | 1.0 | |
| puppetlabs | puppet_enterprise_users | 1.1 | |
References
- https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
- http://projects.puppetlabs.com/issues/12457
- http://projects.puppetlabs.com/issues/12458
- http://projects.puppetlabs.com/issues/12459
- http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
- http://puppetlabs.com/security/cve/cve-2012-1053/
- http://secunia.com/advisories/48157
- http://secunia.com/advisories/48161
- http://secunia.com/advisories/48166
- http://secunia.com/advisories/48290
- http://ubuntu.com/usn/usn-1372-1
- http://www.debian.org/security/2012/dsa-2419
- http://www.osvdb.org/79495
- http://www.securityfocus.com/bid/52158
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
- https://hermes.opensuse.org/messages/15087408
- https://nvd.nist.gov/vuln/detail/CVE-2012-1053
- https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36
- https://ubuntu.com/usn/usn-1372-1
- https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458
- https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457
- https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459
- https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158
- https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.