CVE-2013-4956 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-4956 Interim 1 11 2022-10-15T17:29:54Z current 2021-05-30T13:14:59Z 2022-10-15T17:29:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-4956 Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 openSUSE Tumbleweed puppet-3.6.2-3.62 puppet-3.8.5-14.1 puppet-3.8.5-15.9.1 puppet-3.8.5-5.1 puppet-server-3.6.2-3.62 ruby2.2-rubygem-puppet-3.8.7-2.2 ruby2.2-rubygem-puppet-doc-3.8.7-2.2 ruby2.2-rubygem-puppet-testsuite-3.8.7-2.2 ruby2.3-rubygem-puppet-3.8.7-2.2 ruby2.3-rubygem-puppet-doc-3.8.7-2.2 ruby2.3-rubygem-puppet-testsuite-3.8.7-2.2 rubygem-puppet-3.8.7-2.2 rubygem-puppet-emacs-3.8.7-2.2 rubygem-puppet-master-3.8.7-2.2 rubygem-puppet-master-unicorn-3.8.7-2.2 rubygem-puppet-vim-3.8.7-2.2 puppet-3.6.2-3.62 as a component of SUSE Linux Enterprise Desktop 12 puppet-3.6.2-3.62 as a component of SUSE Linux Enterprise Desktop 12 SP1 puppet-3.8.5-5.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 puppet-3.8.5-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 puppet-3.8.5-15.9.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 puppet-3.6.2-3.62 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 puppet-server-3.6.2-3.62 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 ruby2.2-rubygem-puppet-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.2-rubygem-puppet-doc-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.2-rubygem-puppet-testsuite-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.3-rubygem-puppet-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.3-rubygem-puppet-doc-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.3-rubygem-puppet-testsuite-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-emacs-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-master-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-master-unicorn-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-vim-3.8.7-2.2 as a component of openSUSE Tumbleweed Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. CVE-2013-4956 SUSE Linux Enterprise Desktop 12:puppet-3.6.2-3.62 SUSE Linux Enterprise Desktop 12 SP1:puppet-3.6.2-3.62 SUSE Linux Enterprise Desktop 12 SP2:puppet-3.8.5-5.1 SUSE Linux Enterprise Desktop 12 SP3:puppet-3.8.5-14.1 SUSE Linux Enterprise Desktop 12 SP4:puppet-3.8.5-15.9.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:puppet-3.6.2-3.62 SUSE Linux Enterprise Module for Advanced Systems Management 12:puppet-server-3.6.2-3.62 openSUSE Tumbleweed:ruby2.2-rubygem-puppet-3.8.7-2.2 openSUSE Tumbleweed:ruby2.2-rubygem-puppet-doc-3.8.7-2.2 openSUSE Tumbleweed:ruby2.2-rubygem-puppet-testsuite-3.8.7-2.2 openSUSE Tumbleweed:ruby2.3-rubygem-puppet-3.8.7-2.2 openSUSE Tumbleweed:ruby2.3-rubygem-puppet-doc-3.8.7-2.2 openSUSE Tumbleweed:ruby2.3-rubygem-puppet-testsuite-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-emacs-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-master-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-master-unicorn-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-vim-3.8.7-2.2 low 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N