Moderate severityNVD Advisory· Published May 29, 2012· Updated Apr 29, 2026

CVE-2012-1906

Description

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
puppetRubyGems	>= 2.6, < 2.6.15	2.6.15
puppetRubyGems	>= 2.7, < 2.7.13	2.7.13

Affected products

Puppetlabs/Puppet2 versions
cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
Puppetlabs/Puppet Enterprise Users2 versions
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*
Puppet (software)/Puppet25 versions
cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
Puppet (software)/Puppet Enterprise9 versions
cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*

Patches

f7829ec1f1b2

Stub mktmpdir and remove_entry_secure in os x package providers

https://github.com/puppetlabs/puppetPatrick CarlisleApr 4, 2012via ghsa

commit

2 files changed · +4 −0

spec/unit/provider/package/appdmg_spec.rb+2 −0 modified

@@ -15,6 +15,8 @@
       fh.stubs(:path).yields "/tmp/foo"
       resource[:source] = "foo.dmg"
       described_class.stubs(:open).yields fh
+      Dir.stubs(:mktmpdir).returns "/tmp/testtmp123"
+      FileUtils.stubs(:remove_entry_secure)
     end
 
     describe "from a remote source" do

spec/unit/provider/package/pkgdmg_spec.rb+2 −0 modified

@@ -35,6 +35,8 @@
       fh.stubs(:path).yields "/tmp/foo"
       resource[:source] = "foo.dmg"
       File.stubs(:open).yields fh
+      Dir.stubs(:mktmpdir).returns "/tmp/testtmp123"
+      FileUtils.stubs(:remove_entry_secure)
     end
 
     it "should fail when a disk image with no system entities is mounted" do

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

projects.puppetlabs.com/issues/13260nvdVendor AdvisoryWEB
puppetlabs.com/security/cve/cve-2012-1906/nvdVendor Advisory
secunia.com/advisories/48743nvdVendor Advisory
secunia.com/advisories/48748nvdVendor Advisory
secunia.com/advisories/48789nvdVendor Advisory
github.com/advisories/GHSA-c4mc-49hq-q275ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2012-1906ghsaADVISORY
puppetlabs.com/security/cve/cve-2012-1906ghsaWEB
exchange.xforce.ibmcloud.com/vulnerabilities/74793nvdWEB
github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27fghsaWEB
github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.ymlghsaWEB
ubuntu.com/usn/usn-1419-1ghsaWEB
web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975ghsaWEB
www.debian.org/security/2012/dsa-2451ghsaWEB
ubuntu.com/usn/usn-1419-1nvd
www.debian.org/security/2012/dsa-2451nvd
www.securityfocus.com/bid/52975nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000