CVE-2012-1989 is an arbitrary file access vulnerability affecting Puppet versions 2.7.x prior to 2.7.13 and Puppet Enterprise (PE) versions 1.2.x, 2.0.x, and 2.5.x before 2.5.1. The flaw allows a local attacker to overwrite arbitrary files on the system through a symlink attack against the telnet.rb module. The vulnerability was published in 2017, and a fix is available in Puppet 2.7.13.
An attacker exploiting CVE-2012-1989 can gain the ability to overwrite any file accessible to the Puppet user. This could lead to privilege escalation, system compromise, or denial of service. The attacker needs local access to the Puppet agent and can leverage a symlink attack targeting the /tmp/out.log file, which is used for logging telnet connections. Successful exploitation could allow an attacker to modify configuration files, inject malicious code, or even overwrite critical system binaries, leading to a complete system takeover. The impact is particularly severe in environments where Puppet is used to manage critical infrastructure or sensitive data.
CVE-2012-1989 is not currently listed on KEV or EPSS. The CVSS score of 2.5 indicates a low probability of exploitation. While public proof-of-concept exploits are not widely available, the vulnerability's nature makes it potentially exploitable by skilled attackers. The vulnerability was published in 2017, suggesting it may have been exploited in the past, though no widespread campaigns are publicly known.
Exploitation status
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2012-1989 is to upgrade Puppet to version 2.7.13 or later, or to Puppet Enterprise 2.5.1 or later. If immediate upgrading is not possible, consider restricting write access to the /tmp directory to only the Puppet user. Additionally, carefully review Puppet agent configurations to ensure that the telnet.rb module is not being used unnecessarily. Monitor Puppet agent logs for any suspicious activity related to file modifications. After upgrading, confirm the fix by attempting a symlink attack on /tmp/out.log and verifying that the attack is blocked.
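The symlink problem on a fixed log path such as /tmp/out.log, and a check a defender can run against that path, shown as an added Ruby example (not Puppet's code and not taken from the advisory). The function names, the file names and the private temp directory standing in for /tmp are assumptions made for the illustration.

```ruby
require 'tmpdir'

# Pattern the advisory describes: a fixed path in a shared directory, opened
# so that symlinks are followed. Illustration only, not Puppet's code.
def unsafe_append(path, line)
  File.open(path, 'a') { |f| f.puts(line) }
end

# Hardened form: refuse a symlink at open time, then check the opened
# descriptor (not the path) is a regular, singly linked file we own.
def safe_append(path, line)
  flags = File::WRONLY | File::APPEND | File::CREAT | File::NOFOLLOW
  File.open(path, flags, 0o600) do |f|
    st = f.stat
    ok = st.file? && st.nlink == 1 && st.uid == Process.euid
    return :refused_unsafe_file unless ok
    f.puts(line)
  end
  :written
rescue Errno::ELOOP, Errno::EMLINK # open(2) error when the path is a symlink
  :refused_symlink
end

# Defender-side check of a log path: lstat inspects the link itself.
def audit_path(path)
  st = File.lstat(path)
  return :symlink if st.symlink?
  return :foreign_owner unless st.uid == Process.euid
  st.file? ? :ok : :not_regular_file
rescue Errno::ENOENT
  :missing
end

# Constructed scenario: a private temp dir stands in for /tmp.
def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, 'important.conf') # file the link points at
    log = File.join(dir, 'out.log')           # stands in for /tmp/out.log
    File.write(target, "setting=1\n")
    File.symlink(target, log)
    res = { audit: audit_path(log), safe: safe_append(log, 'session data') }
    res[:intact] = File.read(target) == "setting=1\n"
    unsafe_append(log, 'session data')
    res[:clobbered] = File.read(target) != "setting=1\n"
    File.unlink(log)
    res.merge(clean: safe_append(log, 'session data'), after: audit_path(log))
  end
end
p demo if $PROGRAM_NAME == __FILE__
```

The ownership and link-count checks run on the open descriptor, so a path swapped between check and write cannot redirect the output.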
No official patch is available yet. Look for a temporary workaround or keep watching for updates.
CVE-2012-1989 is a vulnerability in Puppet versions 2.7.x (<=2.7.9) and Puppet Enterprise (PE) versions 1.2.x, 2.0.x, and 2.5.x (<=2.5.0) that allows local attackers to overwrite files via a symlink attack on the telnet log.
You are affected if you are running Puppet versions 2.7.x prior to 2.7.13 or Puppet Enterprise (PE) versions 1.2.x, 2.0.x, and 2.5.x before 2.5.1. Check your Puppet version using puppet --version.
Upgrade Puppet to version 2.7.13 or later, or to Puppet Enterprise 2.5.1 or later. As a temporary workaround, restrict write access to the /tmp directory.
While no widespread campaigns are publicly known, the vulnerability's nature makes it potentially exploitable. It's recommended to patch promptly.
Refer to the Puppet security advisory for CVE-2012-1989: https://puppet.com/security/advisories/cve-2012-1989