Launchpad CVE tracker

CVE 2012-1989

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).

Related bugs and status

CVE-2012-1989 (Candidate) is related to these bugs:

Bug #978708: [Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986 through CVE-2012-1989

Summary				In	Importance	Status
	978708	[Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986 through CVE-2012-1989		puppet (Ubuntu)	Medium	Fix Released

Bug #1143009: Sync puppet 3.1.0-1 (main) from Debian experimental (main)

Summary				In	Importance	Status
	1143009	Sync puppet 3.1.0-1 (main) from Debian experimental (main)		puppet (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-1989

References