Main Vulnerability Database Vulnerabilities #VU31880

Link following in Puppet Agent - CVE-2013-4969

Published: January 7, 2014 / Updated: July 26, 2020

Vulnerability identifier: #VU31880

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-4969

CWE-ID: CWE-59

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Puppet Labs

Affected software:
Puppet Agent

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to manipulate data.

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

How to mitigate CVE-2013-4969

Install update from vendor's website.

Sources

http://puppetlabs.com/security/cve/cve-2013-4969
http://secunia.com/advisories/56253
http://secunia.com/advisories/56254
http://www.debian.org/security/2013/dsa-2831
http://www.ubuntu.com/usn/USN-2077-1

Link following in Puppet Agent - CVE-2013-4969

Detailed vulnerability description

How to mitigate CVE-2013-4969

Sources

Please verify you're human