Post 302406989 by Linux Bot on Wednesday 24th of March 2010 10:00:02 AM
USN-917-1: Puppet vulnerabilities

Referenced CVEs:
CVE-2009-3564, CVE-2010-0156


Description:
===========================================================
Ubuntu Security Notice USN-917-1             March 24, 2010
puppet vulnerabilities
CVE-2009-3564, CVE-2010-0156
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  puppet                          0.24.8-2ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Puppet did not drop supplementary groups when
being run as a different user. A local user may be able to use this flaw
to bypass security restrictions and gain access to restricted files.
(CVE-2009-3564)

It was discovered that Puppet did not correctly handle temporary files. A
local user can exploit this flaw to bypass security restrictions and
overwrite arbitrary files. (CVE-2010-0156)
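
The following is an added example, not part of the advisory and not Puppet's own code. It audits the text of a Linux /proc/<pid>/status file for the CVE-2009-3564 condition (a process that changed user but kept supplementary groups), and shows a drop order that resets them. The sample status, the uid/gid 1001 and the function names are constructed for illustration.

```ruby
require "etc"

# Constructed sample (not from the advisory): the status of a child process
# that switched to uid/gid 1001 but kept the parent's supplementary groups.
# Real /proc/<pid>/status files separate fields with tabs.
LEAKY_STATUS = <<~STATUS
  Name:   exec_child
  Uid:    1001 1001 1001 1001
  Gid:    1001 1001 1001 1001
  Groups: 0 4 1001
STATUS

# Pull name, effective uid/gid and supplementary groups out of status text.
def parse_status(text)
  fields = {}
  text.each_line do |line|
    key, value = line.chomp.split(":", 2)
    fields[key.strip] = value.split unless value.nil?
  end
  {
    name:   fields.fetch("Name", ["?"]).first,
    euid:   Integer(fields.fetch("Uid")[1]), # order: real, effective, saved, fs
    egid:   Integer(fields.fetch("Gid")[1]),
    groups: fields.fetch("Groups", []).map { |g| Integer(g) }
  }
end

# Groups held by the process that the account is not entitled to.
# allowed_gids = the account's primary gid plus its /etc/group memberships.
def leaked_groups(status, allowed_gids)
  return [] if status[:euid].zero? # still root, nothing has been dropped
  (status[:groups] + [status[:egid]]).uniq.sort - allowed_gids
end

# Drop order that avoids the leak; must run as root. Supplementary groups
# first, then gid, then uid: after the uid change the process no longer has
# the privilege to change its groups.
def drop_privileges(user)
  pw = Etc.getpwnam(user)
  Process.initgroups(user, pw.gid)
  Process::GID.change_privilege(pw.gid)
  Process::UID.change_privilege(pw.uid)
end

if __FILE__ == $PROGRAM_NAME
  status = parse_status(LEAKY_STATUS)
  puts "#{status[:name]}: leaked groups #{leaked_groups(status, [1001]).inspect}"
end
```

To audit a live process, pass File.read("/proc/<pid>/status") to parse_status and build allowed_gids from the target account's entries in /etc/passwd and /etc/group.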





PUPPET-RESOURCE(8)                Puppet manual                PUPPET-RESOURCE(8)

NAME
       puppet-resource - The resource abstraction layer shell

SYNOPSIS
       Uses the Puppet RAL to directly interact with the system.

USAGE
       puppet resource [-h|--help] [-d|--debug] [-v|--verbose] [-e|--edit]
       [-H|--host host] [-p|--param parameter] [-t|--types] type [name]
       [attribute=value ...]

DESCRIPTION
       This command provides simple facilities for converting current system
       state into Puppet code, along with some ability to modify the current
       state using Puppet's RAL.

       By default, you must at least provide a type to list, in which case
       puppet resource will tell you everything it knows about all resources
       of that type. You can optionally specify an instance name, and puppet
       resource will only describe that single instance.

       If given a type, a name, and a series of attribute=value pairs, puppet
       resource will modify the state of the specified resource. Alternately,
       if given a type, a name, and the '--edit' flag, puppet resource will
       write its output to a file, open that file in an editor, and then
       apply the saved file as a Puppet transaction.

OPTIONS
       Note that any configuration parameter that's valid in the
       configuration file is also a valid long argument. For example,
       'ssldir' is a valid configuration parameter, so you can specify
       '--ssldir directory' as an argument.

       See the configuration file documentation at
       http://docs.puppetlabs.com/references/stable/configuration.html for
       the full list of acceptable parameters. A commented list of all
       configuration options can also be generated by running puppet with
       '--genconfig'.

       --debug
              Enable full debugging.

       --edit Write the results of the query to a file, open the file in an
              editor, and read the file back in as an executable Puppet
              manifest.

       --host When specified, connect to the resource server on the named
              host and retrieve the list of resources of the type specified.

       --help Print this help message.

       --param
              Add more parameters to be outputted from queries.

       --types
              List all available types.

       --verbose
              Print extra information.

EXAMPLE
       This example uses puppet resource to return a Puppet configuration
       for the user luke:

           $ puppet resource user luke
           user { 'luke':
             home => '/home/luke',
             uid => '100',
             ensure => 'present',
             comment => 'Luke Kanies,,,',
             gid => '1000',
             shell => '/bin/bash',
             groups => ['sysadmin','audio','video','puppet']
           }

AUTHOR
       Luke Kanies

COPYRIGHT
       Copyright (c) 2011 Puppet Labs, LLC
       Licensed under the Apache 2.0 License

Puppet Labs, LLC                    June 2012                  PUPPET-RESOURCE(8)