CVE-2011-0528

Publication date 31 January 2011

Last updated 24 July 2024

Ubuntu priority

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
puppet	11.10 oneiric	Fixed 2.7.1-1ubuntu3.4
	11.04 natty	Fixed 2.6.4-2ubuntu2.7
	10.10 maverick	Fixed 2.6.1-0ubuntu2.5
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

per upstream, puppet prior to 2.6.0 not affected improper merges from Debian uncommitted the upstream fixes for this in 11.04 and 11.10.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1365-1
Puppet vulnerability
14 February 2012

Other references

http://www.mail-archive.com/[email protected]/msg16429.html
https://www.cve.org/CVERecord?id=CVE-2011-0528