CVE-2010-0156

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.

Published: Mar 3, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0156
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.3
AV:L/AC:M/Au:N/C:N/I:P/A:P

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
puppet / puppet	0.24.3	0.24.3.x
puppet / puppet	0.25.0-beta1	0.25.0-beta1.x
puppet / puppet	0.25.0-rc1	0.25.0-rc1.x
puppet / puppet	0.24.5	0.24.5.x
puppet / puppet	0.25.1	0.25.1.x
puppet / puppet	0.25.1-rc2	0.25.1-rc2.x
puppet / puppet	0.24.6-rc1	0.24.6-rc1.x
puppet / puppet	0.24.7-rc2	0.24.7-rc2.x
puppet / puppet	0.25.2-rc3	0.25.2-rc3.x
puppet / puppet	0.24.7	0.24.7.x
puppet / puppet	0.25.2-rc2	0.25.2-rc2.x
puppet / puppet	0.24.6	0.24.6.x
puppet / puppet	0.25.0	0.25.0.x
puppet / puppet	0.25.1-rc1	0.25.1-rc1.x
puppet / puppet	0.25.2-rc1	0.25.2-rc1.x
puppet / puppet	0.24.4	0.24.4.x
puppet / puppet	0.25.0-beta2	0.25.0-beta2.x
puppet / puppet	0.24.8	0.24.8.x
puppet / puppet	0.24.8-rc1	0.24.8-rc1.x
puppet / puppet	0.24.6-rc2	0.24.6-rc2.x

Vulnerability Database

289,697

CVE-2010-0156