CVE-2010-0156: Puppet arbitrary files overwrite via a symlink attack

CVSS Score: 3.3

Basic Information

EPSS Score: 0.12103%
Published: 5/2/2022
Updated: 2/7/2024
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
puppet | rubygems | >= 0.24.0, < 0.24.9 | 0.24.9
puppet | rubygems | >= 0.25.0, < 0.25.2 | 0.25.2

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stemmed from using `File.open` with predictable temporary file paths without proper symlink checks. The patch replaced these calls with `Puppet::Util.secure_open`, which adds symlink validation, deletion of existing files/symlinks, and atomic file creation. The affected functions were clearly identified in the commit diffs modifying `daemon.rb` and `reference.rb`. High confidence comes from direct evidence in patch changes and the CVE description matching the file operations.
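The difference between the two patterns described above, as an added Ruby example that is not Puppet's code or the source of `secure_open`. The helper names (`unsafe_write`, `create_exclusive`, `exclusive_write`) and the file names are assumptions, and the scenario is constructed inside a private temporary directory.

```ruby
require "tmpdir"

# Unsafe pattern: mode "w" follows a symlink already present at the path
# and truncates whatever file it points to.
def unsafe_write(path, data)
  File.open(path, "w") { |f| f.write(data) }
end

# Atomic creation: with CREAT|EXCL the kernel refuses to open an existing
# entry and does not follow a symlink in the final path component.
def create_exclusive(path, data, mode = 0o600)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, mode) { |f| f.write(data) }
end

# Hypothetical hardened writer (assumption, not Puppet's implementation):
# drop any stale entry, then create exclusively. unlink removes the link
# itself, never its target. A link re-planted in between raises Errno::EEXIST.
def exclusive_write(path, data)
  File.unlink(path) if File.symlink?(path) || File.exist?(path)
  create_exclusive(path, data)
end

# Constructed scenario: a pre-planted symlink at a predictable temp name.
def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, "important.conf") # file the link points at
    tmp    = File.join(dir, "puppet_tmp_out") # predictable name (constructed)
    File.write(target, "original")

    File.symlink(target, tmp)
    refused = begin
      create_exclusive(tmp, "x"); false
    rescue Errno::EEXIST
      true
    end

    exclusive_write(tmp, "daemon output")
    hardened = [File.read(target), File.symlink?(tmp), File.read(tmp)]

    File.unlink(tmp)
    File.symlink(target, tmp)
    unsafe_write(tmp, "daemon output")
    { refused: refused, hardened: hardened, unsafe_target: File.read(target) }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Creating the file inside a directory only the service account can write to removes the window entirely, since no other local user can plant a link there.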


Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
