Moderate severity · NVD Advisory · Published May 29, 2012 · Updated Jun 16, 2026
CVE-2012-1053
Description
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) change_user not dropping supplementary groups in certain conditions, (2) changes to the euid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| puppet (RubyGems) | >= 2.6, < 2.6.14 | 2.6.14 |
| puppet (RubyGems) | >= 2.7, < 2.7.11 | 2.7.11 |
Affected products
- cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*
References
- puppetlabs.com/security/cve/cve-2012-1053/ (NVD, Vendor Advisory)
- secunia.com/advisories/48161 (NVD, Vendor Advisory)
- secunia.com/advisories/48166 (NVD, Vendor Advisory)
- secunia.com/advisories/48290 (NVD, Vendor Advisory)
- github.com/advisories/GHSA-77hg-g8cc-5r37 (GHSA, Advisory)
- nvd.nist.gov/vuln/detail/CVE-2012-1053 (GHSA, Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/73445 (NVD, Web)
- github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36 (GHSA, Web)
- ubuntu.com/usn/usn-1372-1 (GHSA, Web)
- web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053 (GHSA, Web)
- web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458 (GHSA, Web)
- web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457 (GHSA, Web)
- web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459 (GHSA, Web)
- web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158 (GHSA, Web)
- web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes (GHSA, Web)
- www.debian.org/security/2012/dsa-2419 (GHSA, Web)
- lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html (NVD)
- projects.puppetlabs.com/issues/12457 (NVD)
- projects.puppetlabs.com/issues/12458 (NVD)
- projects.puppetlabs.com/issues/12459 (NVD)
- projects.puppetlabs.com/projects/1/wiki/Release_Notes (NVD)
- secunia.com/advisories/48157 (NVD)
- ubuntu.com/usn/usn-1372-1 (NVD)
- www.debian.org/security/2012/dsa-2419 (NVD)
- www.osvdb.org/79495 (NVD)
- www.securityfocus.com/bid/52158 (NVD)
- hermes.opensuse.org/messages/15087408 (NVD)