CVE-2009-3564

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2009-3564

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-3564.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2009-3564

Downstream

DEBIAN-CVE-2009-3564

Published

2009-10-06T17:30:00Z

Modified

2026-04-10T03:40:55.965734Z

Summary

[none]

Details

puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.

References

http://projects.reductivelabs.com/issues/1806
https://bugzilla.redhat.com/show_bug.cgi?id=475201
https://puppet.com/security/cve/cve-2009-3564
https://bugzilla.redhat.com/show_bug.cgi?id=475201
http://projects.reductivelabs.com/issues/1806
https://bugzilla.redhat.com/show_bug.cgi?id=475201

CVE-2009-3564

Affected packages