DEBIAN-CVE-2011-3870

DEBIAN-CVE-2011-3870 PUBLISHED

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.

Affected Products

Vendor	Product	Versions
Debian:11	puppet	0, 0, 0

Timeline

Oct 27, 2011 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2011-3870 advisory

Open in Interactive Console →