Issue #13606 has been updated by Matthaus Litteken. Status changed from Merged - Pending Release to Closed Private changed from Yes to No
released in 2.7.13 ---------------------------------------- Bug #13606: Telnet provider writes to insecure location https://projects.puppetlabs.com/issues/13606#change-60335 Author: Matthaus Litteken Status: Closed Priority: Normal Assignee: Matthaus Litteken Category: network Target version: 2.7.13 Affected Puppet version: 2.7.0 Keywords: Branch: The telnet.rb file opens a NET::Telnet connection with an output log of /tmp/out.log. That log could be replaced by a symlink anywhere on the system and the puppet user would happily write through the symlink, potentially clobbering data or worse. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
