CVE-2012-1053

N/A Unknown
Published: May 29, 2012 Modified: April 29, 2026

Description

The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.

References to Advisories, Solutions, and Tools

http://puppetlabs.com/security/cve/cve-2012-1053/
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/48161
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/48166
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/48290
Source: cve@mitre.org
Vendor Advisory
http://www.osvdb.org/79495
Source: cve@mitre.org
http://projects.puppetlabs.com/issues/12457
Source: af854a3a-2127-422b-91ae-364da2661108
http://projects.puppetlabs.com/issues/12458
Source: af854a3a-2127-422b-91ae-364da2661108
http://projects.puppetlabs.com/issues/12459
Source: af854a3a-2127-422b-91ae-364da2661108
http://puppetlabs.com/security/cve/cve-2012-1053/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/48157
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48161
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/48166
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/48290
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://ubuntu.com/usn/usn-1372-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2012/dsa-2419
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.osvdb.org/79495
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/52158
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
Source: af854a3a-2127-422b-91ae-364da2661108
https://hermes.opensuse.org/messages/15087408
Source: af854a3a-2127-422b-91ae-364da2661108

32 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.4%
30th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

puppet puppetlabs