NVD Vulnerability Detail

CVE-2012-1053

Summary	The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
Publication Date	May 30, 2012, 5:55 a.m.
Registration Date	Jan. 28, 2021, 2:54 p.m.
Last Update	Nov. 21, 2024, 10:36 a.m.

CVSS2.0 : MEDIUM
Score	6.9
Vector	AV:L/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:puppet:puppet:2.6.0:::::::*
cpe:2.3:a:puppet:puppet:2.6.1:::::::*
cpe:2.3:a:puppet:puppet:2.6.2:::::::*
cpe:2.3:a:puppet:puppet:2.6.3:::::::*
cpe:2.3:a:puppet:puppet:2.6.4:::::::*
cpe:2.3:a:puppet:puppet:2.6.5:::::::*
cpe:2.3:a:puppet:puppet:2.6.6:::::::*
cpe:2.3:a:puppet:puppet:2.6.7:::::::*
cpe:2.3:a:puppet:puppet:2.6.8:::::::*
cpe:2.3:a:puppet:puppet:2.6.9:::::::*
cpe:2.3:a:puppet:puppet:2.6.10:::::::*
cpe:2.3:a:puppet:puppet:2.6.11:::::::*
cpe:2.3:a:puppet:puppet:2.6.12:::::::*
cpe:2.3:a:puppet:puppet:2.6.13:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:puppetlabs:puppet:2.7.0:::::::*
cpe:2.3:a:puppetlabs:puppet:2.7.1:::::::*
cpe:2.3:a:puppet:puppet:2.7.2:::::::*
cpe:2.3:a:puppet:puppet:2.7.3:::::::*
cpe:2.3:a:puppet:puppet:2.7.4:::::::*
cpe:2.3:a:puppet:puppet:2.7.5:::::::*
cpe:2.3:a:puppet:puppet:2.7.6:::::::*
cpe:2.3:a:puppet:puppet:2.7.7:::::::*
cpe:2.3:a:puppet:puppet:2.7.8:::::::*
cpe:2.3:a:puppet:puppet:2.7.9:::::::*
cpe:2.3:a:puppet:puppet:2.7.10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:::::::*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:::::::*
cpe:2.3:a:puppet:puppet_enterprise:2.0.0:::::::*
cpe:2.3:a:puppet:puppet_enterprise:2.0.1:::::::*
cpe:2.3:a:puppet:puppet_enterprise:2.0.2:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.1:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.2:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.3:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.4:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
2	http://projects.puppetlabs.com/issues/12457
3	http://projects.puppetlabs.com/issues/12458
4	http://projects.puppetlabs.com/issues/12459
5	http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
6	http://puppetlabs.com/security/cve/cve-2012-1053/	Vendor Advisory
7	http://secunia.com/advisories/48157
8	http://secunia.com/advisories/48161	Vendor Advisory
9	http://secunia.com/advisories/48166	Vendor Advisory
10	http://secunia.com/advisories/48290	Vendor Advisory
11	http://ubuntu.com/usn/usn-1372-1
12	http://www.debian.org/security/2012/dsa-2419
13	http://www.osvdb.org/79495
14	http://www.securityfocus.com/bid/52158
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
16	https://hermes.opensuse.org/messages/15087408
17	http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
18	https://hermes.opensuse.org/messages/15087408
19	https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
20	http://www.securityfocus.com/bid/52158
21	http://www.osvdb.org/79495
22	http://www.debian.org/security/2012/dsa-2419
23	http://ubuntu.com/usn/usn-1372-1
24	http://secunia.com/advisories/48290	Vendor Advisory
25	http://secunia.com/advisories/48166	Vendor Advisory
26	http://secunia.com/advisories/48161	Vendor Advisory
27	http://secunia.com/advisories/48157
28	http://puppetlabs.com/security/cve/cve-2012-1053/	Vendor Advisory
29	http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
30	http://projects.puppetlabs.com/issues/12459
31	http://projects.puppetlabs.com/issues/12458
32	http://projects.puppetlabs.com/issues/12457

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

Puppet および Puppet Enterprise の change_user メソッドにおける権限を取得される脆弱性

Title	Puppet および Puppet Enterprise の change_user メソッドにおける権限を取得される脆弱性
Summary	Puppet および Puppet Enterprise (PE) の SUIDManager (lib/puppet/util/suidmanager.rb) 内の change_user メソッドは、グループの権限を適切に管理しないため、権限を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 29, 2012, midnight
Registration Date	May 31, 2012, 2:17 p.m.
Last Update	July 25, 2012, 11 a.m.

Affected System

Puppet

Puppet 2.6.14 未満の 2.6.x

Puppet 2.7.11 未満の 2.7.x

Puppet Enterprise 1.0

Puppet Enterprise 1.1

Puppet Enterprise 1.2.x

Puppet Enterprise 2.0.3 未満の 2.0.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1053	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053
National Vulnerability Database (NVD)
2	CVE-2012-1053	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1053
Puppet
3	CVE-2012-1053	http://puppetlabs.com/security/cve/cve-2012-1053/

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-2419-1	http://www.debian.org/security/2012/dsa-2419
opensuse-security-announce
2	SUSE-SU-2012:0325	http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
opensuse-updates
3	openSUSE-SU-2012:0835	http://lists.opensuse.org/opensuse-updates/2012-07/msg00015.html
Puppet
4	Release Notes 2.6.14	http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
5	Release Notes 2.7.11	http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.11
Ubuntu Security Notice
6	USN-1372-1	http://www.ubuntu.com/usn/usn-1372-1/

Change Log

No	Changed Details	Date of change
0	[2012年05月31日] 掲載 [2012年07月25日] ベンダ情報：openSUSE (SUSE-SU-2012:0325) を追加ベンダ情報：openSUSE (openSUSE-SU-2012:0835) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:puppet:puppet:2.6.0:::::::*
cpe:2.3:a:puppet:puppet:2.6.1:::::::*
cpe:2.3:a:puppet:puppet:2.6.2:::::::*
cpe:2.3:a:puppet:puppet:2.6.3:::::::*
cpe:2.3:a:puppet:puppet:2.6.4:::::::*
cpe:2.3:a:puppet:puppet:2.6.5:::::::*
cpe:2.3:a:puppet:puppet:2.6.6:::::::*
cpe:2.3:a:puppet:puppet:2.6.7:::::::*
cpe:2.3:a:puppet:puppet:2.6.8:::::::*
cpe:2.3:a:puppet:puppet:2.6.9:::::::*
cpe:2.3:a:puppet:puppet:2.6.10:::::::*
cpe:2.3:a:puppet:puppet:2.6.11:::::::*
cpe:2.3:a:puppet:puppet:2.6.12:::::::*
cpe:2.3:a:puppet:puppet:2.6.13:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:puppetlabs:puppet:2.7.0:::::::*
cpe:2.3:a:puppetlabs:puppet:2.7.1:::::::*
cpe:2.3:a:puppet:puppet:2.7.2:::::::*
cpe:2.3:a:puppet:puppet:2.7.3:::::::*
cpe:2.3:a:puppet:puppet:2.7.4:::::::*
cpe:2.3:a:puppet:puppet:2.7.5:::::::*
cpe:2.3:a:puppet:puppet:2.7.6:::::::*
cpe:2.3:a:puppet:puppet:2.7.7:::::::*
cpe:2.3:a:puppet:puppet:2.7.8:::::::*
cpe:2.3:a:puppet:puppet:2.7.9:::::::*
cpe:2.3:a:puppet:puppet:2.7.10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:::::::*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:::::::*
cpe:2.3:a:puppet:puppet_enterprise:2.0.0:::::::*
cpe:2.3:a:puppet:puppet_enterprise:2.0.1:::::::*
cpe:2.3:a:puppet:puppet_enterprise:2.0.2:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.1:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.2:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.3:::::::*
cpe:2.3:a:puppet:puppet_enterprise:1.2.4:::::::*