CVE-2010-0156
Puppet arbitrary file overwrite via a symlink attack
EPSS 0.03%
Description
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
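The class of flaw described above, next to two hardened ways of creating the file, as an added example (not Puppet's code and not its actual patch). The function names and `victim.conf` are hypothetical, and a private temporary directory stands in for `/tmp`.

```ruby
require "tmpdir"
require "tempfile"

# Flaw class: write to a fixed, guessable path. open(2) follows a symlink
# that another local user planted there first.
def write_predictable(path, data)
  File.open(path, "w") { |f| f.write(data) }
end

# Hardened: O_EXCL refuses to open anything that already exists at the path,
# symlinks included; O_NOFOLLOW is defence in depth where the platform has it.
def write_exclusive(path, data)
  flags = File::WRONLY | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if defined?(File::NOFOLLOW)
  File.open(path, flags, 0o600) { |f| f.write(data) }
end

# Preferred: no fixed name at all. Tempfile.create picks an unpredictable
# name and creates it exclusively with mode 0600.
def write_tempfile(dir, data)
  Tempfile.create("puppetdoc", dir) do |f|
    f.write(data)
    [File.basename(f.path), File.lstat(f.path).mode & 0o777]
  end
end

# Constructed scenario inside a private directory standing in for /tmp.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, "victim.conf")   # hypothetical file the process may write
    File.write(victim, "original")
    link = File.join(dir, "daemonout")       # stand-in for /tmp/daemonout
    File.symlink(victim, link)

    blocked = begin
      write_exclusive(link, "log output")
      false
    rescue Errno::EEXIST, Errno::ELOOP
      true
    end
    intact = File.read(victim) == "original"

    write_predictable(link, "log output")
    { blocked: blocked, intact_after_exclusive: intact,
      clobbered_by_predictable: File.read(victim) == "log output" }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```
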
How to fix CVE-2010-0156
To remediate CVE-2010-0156, upgrade the affected package to one of the fixed versions listed below.
- Debian/puppet—upgrade to 0.25.4-2 or later
- RubyGems/puppet—upgrade to 0.24.9 or later
Is CVE-2010-0156 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.25.4-2
- >= 0.24.0, < 0.24.9