Bug #13260
appdmg and pkgdmg providers write packages to insecure location
| Status: | Closed | Start date: | 03/20/2012 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | | % Done: | 0% |
| Category: | security | | |
| Target version: | 2.7.13 | | |
| Affected Puppet version: | 2.6.0 | Branch: | https://github.com/pcarlisle/puppet-cve-test/tree/ticket/2.7.x/13260-dmg-providers |
| Keywords: | | | |
Description
These providers are only used on darwin. If a remote source is given for a package, the package is downloaded to a predictable filename in /tmp. A local user can create a symlink at that name and use it to clobber any file on the system, or, by switching the symlink between download and install, cause an arbitrary package to be installed (and package installers can execute arbitrary code).
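The following is an added Ruby example, not code from Puppet or from the branch linked above, that reproduces the class of bug described and contrasts it with one safe pattern. It assumes nothing about the real providers beyond what the description states: a destination name derived from the remote source under a world-writable directory, written by a privileged process. The scratch directory, victim file and `http://example.invalid/Foo.pkg.dmg` source are constructed for the demonstration; `tmp` stands in for /tmp so the scenario runs unprivileged in a sandbox.

```ruby
require 'tmpdir'
require 'fileutils'

# Vulnerable pattern: the cache path is a function of the remote URL alone, so
# any local user can compute it in advance and pre-create a symlink there.
def insecure_cache_path(base, source)
  File.join(base, File.basename(source))
end

# Mimics a naive download: open for writing and overwrite whatever is at the
# path. open(2) follows symlinks here, so a planted link redirects the write.
def insecure_fetch(base, source, contents)
  path = insecure_cache_path(base, source)
  File.open(path, 'w') { |f| f.write(contents) }
  path
end

# O_CREAT|O_EXCL refuses to open a path that already exists, and POSIX requires
# it to fail with EEXIST when the path is a symlink, whatever the link targets.
def exclusive_write(path, contents)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(contents)
  end
  path
end

# Safer pattern (an assumed design, not Puppet's fix): a fresh directory with a
# random name and mode 0700, owned by the caller, so the destination cannot be
# predicted or pre-created, plus O_EXCL as defence in depth.
def secure_fetch(base, source, contents)
  dir = Dir.mktmpdir('pkg-', base)
  exclusive_write(File.join(dir, File.basename(source)), contents)
end

# Runs the symlink-clobber scenario against both fetchers inside a scratch
# directory. Returns what the victim file contained after each fetch and
# whether O_EXCL rejected the planted symlink.
def demo
  Dir.mktmpdir('demo-') do |scratch|
    tmp = File.join(scratch, 'tmp')        # stand-in for world-writable /tmp
    FileUtils.mkdir_p(tmp)
    victim = File.join(scratch, 'victim')  # stand-in for a file only root may write
    File.write(victim, 'original')
    source = 'http://example.invalid/Foo.pkg.dmg'   # constructed remote source

    # Attacker (unprivileged local user) predicts the cache name and plants a link.
    File.symlink(victim, insecure_cache_path(tmp, source))

    insecure_fetch(tmp, source, 'attacker payload')
    after_insecure = File.read(victim)    # the write went through the symlink

    File.write(victim, 'original')
    secure_fetch(tmp, source, 'package bytes')
    after_secure = File.read(victim)      # untouched: different, private directory

    excl_rejected = begin
      exclusive_write(insecure_cache_path(tmp, source), 'x')
      false
    rescue Errno::EEXIST
      true
    end

    { insecure: after_insecure, secure: after_secure, excl_rejected_symlink: excl_rejected }
  end
end
```

Note that the private directory is what actually removes the race: O_EXCL alone only turns a silent clobber into a denial of service, since the attacker can keep the predictable name occupied. The same reasoning applies to the second attack in the description, swapping the link after the download and before the install: an installer that reads from a path an unprivileged user controls is still exploitable even if the write itself was safe.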
History
#1
Updated by Patrick Carlisle over 1 year ago
- Affected Puppet version changed from 2.7.12rc2 to 2.7.12
#2
Updated by Patrick Carlisle about 1 year ago
- Status changed from Accepted to In Topic Branch Pending Review
- Target version set to 2.7.13
- Branch set to https://github.com/pcarlisle/puppet-cve-test/tree/ticket/2.7.x/13260-dmg-providers
#3
Updated by Moses Mendoza about 1 year ago
- Status changed from In Topic Branch Pending Review to Closed
Released in 2.7.13, 2.6.15
#4
Updated by Matthaus Owens about 1 year ago
- Private changed from Yes to No
- Affected Puppet version changed from 2.7.12 to 2.6.0