CVE-2012-1988 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-1988 Interim 1 12 2023-02-15T02:19:50Z current 2021-05-30T13:03:18Z 2023-02-15T02:19:50Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-1988 Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2012-June/000153.html E-Mail link for SUSE-SU-2012:0771-1 https://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html E-Mail link for openSUSE-SU-2012:0608-1 https://lists.opensuse.org/opensuse-updates/2012-07/msg00015.html E-Mail link for openSUSE-SU-2012:0835-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 puppet-2.6.12-0.14.1 puppet-2.6.18-0.4.2 puppet-2.7.26-0.5.1 puppet-server-2.6.12-0.14.1 puppet-server-2.6.18-0.4.2 puppet-server-2.7.26-0.5.1 pwdutils-3.2.8-0.2.35 puppet-2.6.12-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA puppet-server-2.6.12-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA pwdutils-3.2.8-0.2.35 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA puppet-2.6.18-0.4.2 as a component of SUSE Linux Enterprise Server 11 SP3 puppet-server-2.6.18-0.4.2 as a component of SUSE Linux Enterprise Server 11 SP3 puppet-2.7.26-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP4 puppet-server-2.7.26-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP4 Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. CVE-2012-1988 SUSE Linux Enterprise Server 11 SP1-TERADATA:puppet-2.6.12-0.14.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:puppet-server-2.6.12-0.14.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:pwdutils-3.2.8-0.2.35 SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.4.2 SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.4.2 SUSE Linux Enterprise Server 11 SP4:puppet-2.7.26-0.5.1 SUSE Linux Enterprise Server 11 SP4:puppet-server-2.7.26-0.5.1 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P