Moderate severityNVD Advisory· Published May 29, 2012· Updated Apr 29, 2026
CVE-2012-1053
CVE-2012-1053
Description
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
puppetRubyGems | >= 2.6, < 2.6.14 | 2.6.14 |
puppetRubyGems | >= 2.7, < 2.7.11 | 2.7.11 |
Affected products
35cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*
Patches
176d0749f0a9a(#12459) drop supplementary groups when permanently dropping UID
2 files changed · +7 −2
lib/puppet/util/suidmanager.rb+5 −2 modified@@ -93,11 +93,14 @@ def change_user(user, permanently=false) raise Puppet::Error, "No such user #{user}" unless uid if permanently + # If changing uid, we must be root. So initgroups first here. + initgroups(uid) + begin + # Prefer the better `change_privilege` method, but if that fails us, + # fall back to directly setting the values. Process::UID.change_privilege(uid) rescue NotImplementedError - # If changing uid, we must be root. So initgroups first here. - initgroups(uid) Process.euid = uid Process.uid = uid end
spec/unit/util/suidmanager_spec.rb+2 −0 modified@@ -165,6 +165,8 @@ Process.euid = uid end + Puppet::Util::SUIDManager.expects(:initgroups).with(42) + Puppet::Util::SUIDManager.change_user(42, true) xids[:euid].should == 42
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
27- puppetlabs.com/security/cve/cve-2012-1053/nvdVendor Advisory
- secunia.com/advisories/48161nvdVendor Advisory
- secunia.com/advisories/48166nvdVendor Advisory
- secunia.com/advisories/48290nvdVendor Advisory
- github.com/advisories/GHSA-77hg-g8cc-5r37ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1053ghsaADVISORY
- exchange.xforce.ibmcloud.com/vulnerabilities/73445nvdWEB
- github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36ghsaWEB
- ubuntu.com/usn/usn-1372-1ghsaWEB
- web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053ghsaWEB
- web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458ghsaWEB
- web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457ghsaWEB
- web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459ghsaWEB
- web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158ghsaWEB
- web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_NotesghsaWEB
- www.debian.org/security/2012/dsa-2419ghsaWEB
- lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.htmlnvd
- projects.puppetlabs.com/issues/12457nvd
- projects.puppetlabs.com/issues/12458nvd
- projects.puppetlabs.com/issues/12459nvd
- projects.puppetlabs.com/projects/1/wiki/Release_Notesnvd
- secunia.com/advisories/48157nvd
- ubuntu.com/usn/usn-1372-1nvd
- www.debian.org/security/2012/dsa-2419nvd
- www.osvdb.org/79495nvd
- www.securityfocus.com/bid/52158nvd
- hermes.opensuse.org/messages/15087408nvd
News mentions
0No linked articles in our index yet.