CVE-2012-1053 Information

Description

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11 and Puppet Enterprise (PE) Users 1.0 1.1 1.2.x 2.0.x before 2.0.3 does not properly manage group privileges which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions (2) changes to the eguid without associated changes to the egid or (3) the addition of the real gid to supplementary groups.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html http://projects.puppetlabs.com/issues/12457 http://projects.puppetlabs.com/issues/12458 http://projects.puppetlabs.com/issues/12459 http://projects.puppetlabs.com/projects/1/wiki/Release_Notes2.6.14 http://puppetlabs.com/security/cve/cve-2012-1053/ http://secunia.com/advisories/48157 http://secunia.com/advisories/48161 http://secunia.com/advisories/48166 http://secunia.com/advisories/48290 http://ubuntu.com/usn/usn-1372-1 http://www.debian.org/security/2012/dsa-2419 http://www.osvdb.org/79495 http://www.securityfocus.com/bid/52158 https://exchange.xforce.ibmcloud.com/vulnerabilities/73445 https://hermes.opensuse.org/messages/15087408