Moderate severity · NVD Advisory · Published Feb 17, 2014 · Updated Apr 29, 2026
CVE-2011-0528
Description
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| puppet (RubyGems) | >= 2.6.0, < 2.6.4 | 2.6.4 |
Affected products
- cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
Patches
eee1a9cdaa5c · (#5424) Ship auth.conf as part of installing from source
1 file changed · +38 −7
install.rb+38 −7 modified@@ -79,6 +79,7 @@ def glob(list) end # Set these values to what you want installed. +configs = glob(%w{conf/auth.conf}) sbins = glob(%w{sbin/*}) bins = glob(%w{bin/*}) rdoc = glob(%w{bin/* sbin/* lib/**/*.rb README README-library CHANGELOG TODO Install}).reject { |e| e=~ /\.(bat|cmd)$/ } @@ -87,6 +88,14 @@ def glob(list) libs = glob(%w{lib/**/*.rb lib/**/*.py lib/puppet/util/command_line/*}) tests = glob(%w{test/**/*.rb}) +def do_configs(configs, target, strip = 'conf/') + Dir.mkdir(target) unless File.directory? target + configs.each do |cf| + ocf = File.join(InstallOptions.config_dir, cf.gsub(/#{strip}/, '')) + File.install(cf, ocf, 0644, true) + end +end + def do_bins(bins, target, strip = 's?bin/') Dir.mkdir(target) unless File.directory? target bins.each do |bf| @@ -157,6 +166,8 @@ def check_prereqs def prepare_installation $operatingsystem = Facter["operatingsystem"].value + InstallOptions.configs = true + # Only try to do docs if we're sure they have rdoc if $haverdoc InstallOptions.rdoc = true @@ -193,9 +204,15 @@ def prepare_installation opts.on('--[no-]tests', 'Prevents the execution of unit tests.', 'Default on.') do |ontest| InstallOptions.tests = ontest end + opts.on('--[no-]configs', 'Prevents the installation of config files', 'Default off.') do |ontest| + InstallOptions.configs = ontest + end opts.on('--destdir[=OPTIONAL]', 'Installation prefix for all targets', 'Default essentially /') do |destdir| InstallOptions.destdir = destdir end + opts.on('--configdir[=OPTIONAL]', 'Installation directory for config files', 'Default /etc/puppet') do |configdir| + InstallOptions.configdir = configdir + end opts.on('--bindir[=OPTIONAL]', 'Installation directory for binaries', 'overrides Config::CONFIG["bindir"]') do |bindir| InstallOptions.bindir = bindir end 
@@ -209,15 +226,17 @@ def prepare_installation InstallOptions.mandir = mandir end opts.on('--quick', 'Performs a quick installation. Only the', 'installation is done.') do |quick| - InstallOptions.rdoc = false - InstallOptions.ri = false - InstallOptions.tests = false + InstallOptions.rdoc = false + InstallOptions.ri = false + InstallOptions.tests = false + InstallOptions.configs = true end opts.on('--full', 'Performs a full installation. All', 'optional installation steps are run.') do |full| - InstallOptions.rdoc = true - InstallOptions.man = true - InstallOptions.ri = true - InstallOptions.tests = true + InstallOptions.rdoc = true + InstallOptions.man = true + InstallOptions.ri = true + InstallOptions.tests = true + InstallOptions.configs = true end opts.separator("") opts.on_tail('--help', "Shows this help text.") do @@ -243,6 +262,12 @@ def prepare_installation Config::CONFIG['sbindir'] = "/usr/sbin" end + if not InstallOptions.configdir.nil? + configdir = InstallOptions.configdir + else + configdir = "/etc/puppet" + end + if not InstallOptions.bindir.nil? bindir = InstallOptions.bindir else @@ -277,22 +302,26 @@ def prepare_installation # To be deprecated once people move over to using --destdir option if (destdir = ENV['DESTDIR']) + configdir = "#{destdir}#{configdir}" bindir = "#{destdir}#{bindir}" sbindir = "#{destdir}#{sbindir}" mandir = "#{destdir}#{mandir}" sitelibdir = "#{destdir}#{sitelibdir}" + FileUtils.makedirs(configdir) if InstallOptions.configs FileUtils.makedirs(bindir) FileUtils.makedirs(sbindir) FileUtils.makedirs(mandir) FileUtils.makedirs(sitelibdir) # This is the new way forward elsif (destdir = InstallOptions.destdir) + configdir = "#{destdir}#{configdir}" bindir = "#{destdir}#{bindir}" sbindir = "#{destdir}#{sbindir}" mandir = "#{destdir}#{mandir}" sitelibdir = "#{destdir}#{sitelibdir}" + FileUtils.makedirs(configdir) if InstallOptions.configs FileUtils.makedirs(bindir) FileUtils.makedirs(sbindir) FileUtils.makedirs(mandir) 
@@ -303,6 +332,7 @@ def prepare_installation InstallOptions.tmp_dirs = tmpdirs.compact InstallOptions.site_dir = sitelibdir + InstallOptions.config_dir = configdir InstallOptions.bin_dir = bindir InstallOptions.sbin_dir = sbindir InstallOptions.lib_dir = libdir @@ -459,6 +489,7 @@ def install_binfile(from, op_file, target) #build_rdoc(rdoc) if InstallOptions.rdoc #build_ri(ri) if InstallOptions.ri #build_man(bins, sbins) if InstallOptions.man +do_configs(configs, InstallOptions.config_dir) if InstallOptions.configs do_bins(sbins, InstallOptions.sbin_dir) do_bins(bins, InstallOptions.bin_dir) do_libs(libs)
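Review bot: do_configs (hunk at -87,6 +88,14) calls File.install(cf, ocf, 0644, true) with no check for an existing file at ocf, so an install over an existing tree can replace a locally edited auth.conf with the shipped one; skip or back up the file when ocf already exists. The destination is also built from InstallOptions.config_dir rather than the target argument, which is used only for the mkdir, so use File.join(target, ...) to keep the two from diverging, and anchor the strip pattern (/^#{strip}/) since the unanchored gsub removes every occurrence of conf/ in the path.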
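Review bot: the --[no-]configs help text (hunk at -193,9 +204,15) says 'Prevents the installation of config files' and 'Default off.', but prepare_installation sets InstallOptions.configs = true before the options are parsed, so the documented default is the opposite of the behaviour; reword it to describe a default-on option. The block parameter is still named ontest, copied from the --[no-]tests handler; rename it to match the option it handles.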
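Review bot: the added FileUtils.makedirs(configdir) calls (hunk at -277,22 +302,26) sit only in the DESTDIR and --destdir branches; in any other case the only directory creation visible in this diff is Dir.mkdir(target) in do_configs, which does not create missing parent directories, so a --configdir with more than one missing path component fails. Use FileUtils.makedirs in do_configs, or create configdir whenever InstallOptions.configs is set. The "/etc/puppet" default is also written twice, once in the --configdir help text and once in the fallback assignment; a single constant would keep them in sync.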
References
- github.com/advisories/GHSA-9pvx-fwwh-w289 · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-0528 · ghsa · ADVISORY
- www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html · ghsa · WEB
- www.openwall.com/lists/oss-security/2011/01/27/6 · nvd · WEB
- www.openwall.com/lists/oss-security/2011/01/31/5 · nvd · WEB
- www.ubuntu.com/usn/USN-1365-1 · nvd · WEB
- github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3 · ghsa · WEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml · ghsa · WEB
- www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html · nvd