CVSS 3 Base Score: Posted On: February 28, 2012Assessed Risk Level: NoneA bug in Puppet gives unexpected and improper group privileges to execs and types/providers. When executing commands as a different user, Puppet leaves the forked process with Puppet's own group permissions. Specifically: Puppet's primary group (usually root) is always present in a process's supplementary groups.When an `exec` resource has a specified `user` attribute but not a `group` attribute, Puppet will set its effective GID to Puppet's own GID (usually root).Permanently changing a process's UID and GID won't clear the supplementary groups, leaving the process with Puppet's own supplementary groups (usually including root). This causes any untrusted code executed by a Puppet exec resource to be given unexpectedly high permissions. Status:Affected software versions:Resolved in:Resolved in Puppet 2.6.14 (source), 2.7.11 (source), rpm, debResolved in Puppet Enterprise 1.2.5 and 2.0.3Hotfixes available for Puppet Enterprise 1.0, 1.1, and 1.2.xHotfixeshttp://puppetlabs.com/security/cve/cve-2012-1053/hotfixes/← Back to CVE Listings
