Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.
{"debian": [{"lastseen": "2022-06-27T06:01:07", "description": "\nI've uploaded new packages for puppet which fixed the following security\nproblems:\n\nCVE-2011-3848\n Resist directory traversal attacks through indirections.\n\n In various versions of Puppet it was possible to cause a directory\n traversal attack through the SSLFile indirection base class. This was\n variously triggered through the user-supplied key, or the Subject of\n the certificate, in the code.\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 2.7.1-1~bpo60+2.\n\nmicah\n\n-- \n\nAttachment:\npgpEZJw86rwIp.pgp\nDescription: PGP signature\n", "cvss3": {}, "published": "2011-09-30T15:12:16", "type": "debian", "title": "[BSA-050] Security Update for puppet", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2011-09-30T15:12:16", "id": "DEBIAN:BSA-050:58D2F", "href": "https://lists.debian.org/debian-backports-announce/2011/10/msg00000.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-27T06:00:56", "description": "\nMicah Anderson uploaded new packages for puppet which fixed the\nfollowing security problems:\n\nCVE-2011-3848=20\n Kristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509 Certificate Signing\n Request at any location on disk, with the privileges of the Puppet\n Master application. This was found in the 2.7 series of Puppet, but\n the underlying vulnerability existed in earlier releases and could be\n accessed with different hostile inputs.\n\nCVE-2011-3870=20\n Ricky Zhou discovered a potential local privilege escalation in the\n ssh_authorized_keys resource and theoretically in the Solaris and AIX\n providers, where file ownership was given away before it was written,\n leading to a possibility for a user to overwrite arbitrary files as\n root, if their authorized_keys file was managed.\n\nCVE-2011-3869\n An insecure symlink attack could be made against the k5login type\n which would allow the owner of the home directory to symlink to\n anything on the system, and have it replaced with the =E2=80=9Ccorrect=E2=\n=80=9D\n content of the file, which can lead to a privilege escalation on\n puppet runs.\n\nCVE-2011-3871\n A potential local privilege escalation was found in the --edit mode of\n 'puppet resource' due to a persistant, predictable file name, which\n can result in editing an arbitrary target file, and thus be be tricked\n into running that arbitrary file as the invoking user. This command is\n most commonly run as root, this leads to a potential privilege\n escalation.\n\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 2.7.1-1~bpo60+3.\n\nAttachment:\npgpeoI4d4aney.pgp\nDescription: PGP signature\n", "cvss3": {}, "published": "2011-10-03T14:58:37", "type": "debian", "title": "[BSA-051] Security update for puppet", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-03T14:58:37", "id": "DEBIAN:BSA-051:C9465", "href": "https://lists.debian.org/debian-backports-announce/2011/10/msg00002.html", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-10-22T00:12:28", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-2314-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nOct 3, 2011 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : multiple\nProblem type : local/remote\nDebian-specific: no\nDebian bug : none\nCVE IDs : CVE-2011-3848 CVE-2011-3870 CVE-2011-3869 CVE-2011-3871\n\nMultiple security issues have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2011-3848\n\n Kristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509 Certificate Signing\n Request at any location on disk, with the privileges of the Puppet\n Master application.\n\nCVE-2011-3870\n\n Ricky Zhou discovered a potential local privilege escalation in the\n ssh_authorized_keys resource and theoretically in the Solaris and\n AIX providers, where file ownership was given away before it was\n written, leading to a possibility for a user to overwrite arbitrary\n files as root, if their authorized_keys file was managed.\n\nCVE-2011-3869\n\n A predictable file name in the k5login type leads to the possibility\n of symlink attacks which would allow the owner of the home directory\n to symlink to anything on the system, and have it replaced with the\n "correct" content of the file, which can lead to a privilege escalation\n on puppet runs.\n\nCVE-2011-3871\n\n A potential local privilege escalation was found in the --edit mode\n of 'puppet resource' due to a persistant, predictable file name,\n which can result in editing an arbitrary target file, and thus be\n be tricked into running that arbitrary file as the invoking\n user. This command is most commonly run as root, this leads to a\n potential privilege escalation.\n\n\nAdditionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.\n\n\nFor the oldstable distribution (lenny), this problem will be fixed soon.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\n\nFor the testing distribution (wheezy), this has been fixed in\nversion 2.7.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-10-03T17:13:49", "type": "debian", "title": "[SECURITY] [DSA 2314-1] puppet security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-03T17:13:49", "id": "DEBIAN:DSA-2314-1:D9918", "href": "https://lists.debian.org/debian-security-announce/2011/msg00191.html", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:59:48", "description": "Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-09-29T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerability (USN-1217-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1217-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1217-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56332);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3848\");\n script_xref(name:\"USN\", value:\"1217-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerability (USN-1217-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kristian Erik Hermansen discovered a directory traversal vulnerability\nin the SSLFile indirection base class. A remote attacker could exploit\nthis to overwrite files with the privileges of the Puppet Master.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1217-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"puppet-common\", pkgver:\"2.6.1-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"puppet-common\", pkgver:\"2.6.4-2ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:55", "description": "A directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_PUPPET-111005.NASL", "href": "https://www.tenable.com/plugins/nessus/75998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update puppet-5243.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75998);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3848\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)\");\n script_summary(english:\"Check for the puppet-5243 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A directory traversal vulnerability in puppet allowed unauthenticated\nremote attackers to upload x.509 certificate signing requests to\narbitrary locations (CVE-2011-3848)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-2.6.4-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-server-2.6.4-4.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:33", "description": "A directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_PUPPET-111005.NASL", "href": "https://www.tenable.com/plugins/nessus/75714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update puppet-5243.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75714);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3848\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)\");\n script_summary(english:\"Check for the puppet-5243 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A directory traversal vulnerability in puppet allowed unauthenticated\nremote attackers to upload x.509 certificate signing requests to\narbitrary locations (CVE-2011-3848)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"puppet-0.25.4-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"puppet-server-0.25.4-4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:59:50", "description": "Multiple security issues have been discovered in Puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X.509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.\n\n - CVE-2011-3870 Ricky Zhou discovered a potential local privilege escalation in the ssh_authorized_keys resource and theoretically in the Solaris and AIX providers, where file ownership was given away before it was written, leading to a possibility for a user to overwrite arbitrary files as root, if their authorized_keys file was managed.\n\n - CVE-2011-3869 A predictable file name in the k5login type leads to the possibility of symlink attacks which would allow the owner of the home directory to symlink to anything on the system, and have it replaced with the'correct' content of the file, which can lead to a privilege escalation on puppet runs.\n\n - CVE-2011-3871 A potential local privilege escalation was found in the\n --edit mode of 'puppet resource' due to a persistent, predictable file name, which can result in editing an arbitrary target file, and thus be be tricked into running that arbitrary file as the invoking user. This command is most commonly run as root, this leads to a potential privilege escalation.\n\nAdditionally, this update hardens the indirector file backed terminus base class against injection attacks based on trusted path names.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-04T00:00:00", "type": "nessus", "title": "Debian DSA-2314-1 : puppet - multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puppet", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/56381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2314. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56381);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_bugtraq_id(49860, 49909);\n script_xref(name:\"DSA\", value:\"2314\");\n\n script_name(english:\"Debian DSA-2314-1 : puppet - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2011-3848\n Kristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509\n Certificate Signing Request at any location on disk,\n with the privileges of the Puppet Master application.\n\n - CVE-2011-3870\n Ricky Zhou discovered a potential local privilege\n escalation in the ssh_authorized_keys resource and\n theoretically in the Solaris and AIX providers, where\n file ownership was given away before it was written,\n leading to a possibility for a user to overwrite\n arbitrary files as root, if their authorized_keys file\n was managed.\n\n - CVE-2011-3869\n A predictable file name in the k5login type leads to the\n possibility of symlink attacks which would allow the\n owner of the home directory to symlink to anything on\n the system, and have it replaced with the'correct'\n content of the file, which can lead to a privilege\n escalation on puppet runs.\n\n - CVE-2011-3871\n A potential local privilege escalation was found in the\n --edit mode of 'puppet resource' due to a persistent,\n predictable file name, which can result in editing an\n arbitrary target file, and thus be be tricked into\n running that arbitrary file as the invoking user. This\n command is most commonly run as root, this leads to a\n potential privilege escalation.\n\nAdditionally, this update hardens the indirector file backed terminus\nbase class against injection attacks based on trusted path names.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2314\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the oldstable distribution (lenny), this problem will be fixed\nsoon.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"puppet\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-common\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-el\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-testsuite\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppetmaster\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vim-puppet\", reference:\"2.6.2-5+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:23", "description": "The following security issues have been fixed :\n\n - Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master.\n Compromised or rogue puppet agents could therefore use their certificates for MITM attacks. (CVE-2011-3872)\n\n Note: If you've set the 'certdnsnames' option in your master's puppet.conf file merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents.\n\n Please refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.\n 0.5 for detailed instructions and scripts.\n\n Puppetlabs' site also provides more information:\n http://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announceme nt-altnames-vulnerability/\n\n - Directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations.\n (CVE-2011-3848)\n\n - Puppet was prone to several symlink attacks (CVE-2011-3870 / CVE-2011-3869 / CVE-2011-3871)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : puppet (SAT Patch Number 5421)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:puppet", "p-cpe:/a:novell:suse_linux:11:puppet-server", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PUPPET-111111.NASL", "href": "https://www.tenable.com/plugins/nessus/57129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57129);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\");\n\n script_name(english:\"SuSE 11.1 Security Update : puppet (SAT Patch Number 5421)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues have been fixed :\n\n - Puppet's certificate authority issued Puppet agent\n certificates capable of impersonating the Puppet master.\n Compromised or rogue puppet agents could therefore use\n their certificates for MITM attacks. (CVE-2011-3872)\n\n Note: If you've set the 'certdnsnames' option in your\n master's puppet.conf file merely installing the updated\n packages is not sufficient to fix this problem. You need\n to either pick a new DNS name for the master and\n reconfigure all agents to use it or re-new certificates\n on all agents.\n\n Please refer to the documentation in\n /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.\n 0.5 for detailed instructions and scripts.\n\n Puppetlabs' site also provides more information:\n http://puppetlabs.com/security/cve/cve-2011-3872/faq/\n http://puppetlabs.com/blog/important-security-announceme\n nt-altnames-vulnerability/\n\n - Directory traversal vulnerability in puppet allowed\n unauthenticated remote attackers to upload x.509\n certificate signing requests to arbitrary locations.\n (CVE-2011-3848)\n\n - Puppet was prone to several symlink attacks\n (CVE-2011-3870 / CVE-2011-3869 / CVE-2011-3871)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3870.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3872.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5421.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"puppet-2.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"puppet-2.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-2.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-server-2.6.12-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:31", "description": "Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks (CVE-2011-3872). \n\nNote: If you've set the 'certdnsnames' option in your master's puppet.conf file merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents.\n\nPlease refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for detailed instructions and scripts. \n\nPuppetlabs' site also provides more information:\nhttp://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announcement-altnames-vu lnerability/\n\n--\n\nDirectory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848)\n\nPuppet was prone to several symlink attacks (CVE-2011-3870, CVE-2011-3869, CVE-2011-3871)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_PUPPET-111110.NASL", "href": "https://www.tenable.com/plugins/nessus/75999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update puppet-5403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75999);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)\");\n script_summary(english:\"Check for the puppet-5403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet's certificate authority issued Puppet agent certificates\ncapable of impersonating the Puppet master. Compromised or rogue\npuppet agents could therefore use their certificates for MITM attacks\n(CVE-2011-3872). \n\nNote: If you've set the 'certdnsnames' option in your master's\npuppet.conf file merely installing the updated packages is not\nsufficient to fix this problem. You need to either pick a new DNS name\nfor the master and reconfigure all agents to use it or re-new\ncertificates on all agents.\n\nPlease refer to the documentation in\n/usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for\ndetailed instructions and scripts. \n\nPuppetlabs' site also provides more information:\nhttp://puppetlabs.com/security/cve/cve-2011-3872/faq/\nhttp://puppetlabs.com/blog/important-security-announcement-altnames-vu\nlnerability/\n\n--\n\nDirectory traversal vulnerability in puppet allowed unauthenticated\nremote attackers to upload x.509 certificate signing requests to\narbitrary locations (CVE-2011-3848)\n\nPuppet was prone to several symlink attacks (CVE-2011-3870,\nCVE-2011-3869, CVE-2011-3871)\"\n );\n # http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c17e853\"\n );\n # http://puppetlabs.com/security/cve/cve-2011-3872/faq/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2011-3872/faq\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-2.6.4-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-server-2.6.4-4.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:53", "description": "Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks (CVE-2011-3872). \n\nNote: If you've set the 'certdnsnames' option in your master's puppet.conf file merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents.\n\nPlease refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for detailed instructions and scripts. \n\nPuppetlabs' site also provides more information:\nhttp://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announcement-altnames-vu lnerability/\n\n--\n\nDirectory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848)\n\nPuppet was prone to several symlink attacks (CVE-2011-3870, CVE-2011-3869, CVE-2011-3871)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_PUPPET-111110.NASL", "href": "https://www.tenable.com/plugins/nessus/75715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update puppet-5403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75715);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)\");\n script_summary(english:\"Check for the puppet-5403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet's certificate authority issued Puppet agent certificates\ncapable of impersonating the Puppet master. Compromised or rogue\npuppet agents could therefore use their certificates for MITM attacks\n(CVE-2011-3872). \n\nNote: If you've set the 'certdnsnames' option in your master's\npuppet.conf file merely installing the updated packages is not\nsufficient to fix this problem. You need to either pick a new DNS name\nfor the master and reconfigure all agents to use it or re-new\ncertificates on all agents.\n\nPlease refer to the documentation in\n/usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for\ndetailed instructions and scripts. \n\nPuppetlabs' site also provides more information:\nhttp://puppetlabs.com/security/cve/cve-2011-3872/faq/\nhttp://puppetlabs.com/blog/important-security-announcement-altnames-vu\nlnerability/\n\n--\n\nDirectory traversal vulnerability in puppet allowed unauthenticated\nremote attackers to upload x.509 certificate signing requests to\narbitrary locations (CVE-2011-3848)\n\nPuppet was prone to several symlink attacks (CVE-2011-3870,\nCVE-2011-3869, CVE-2011-3871)\"\n );\n # http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c17e853\"\n );\n # http://puppetlabs.com/security/cve/cve-2011-3872/faq/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2011-3872/faq\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"puppet-0.25.4-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"puppet-server-0.25.4-4.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:56", "description": "The remote host is affected by the vulnerability described in GLSA-201203-03 (Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A local attacker could gain elevated privileges, or access and modify arbitrary files. Furthermore, a remote attacker may be able to spoof a Puppet Master or write X.509 Certificate Signing Requests to arbitrary locations.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-06T00:00:00", "type": "nessus", "title": "GLSA-201203-03 : Puppet: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3564", "CVE-2010-0156", "CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:puppet", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201203-03.NASL", "href": "https://www.tenable.com/plugins/nessus/58213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58213);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3564\", \"CVE-2010-0156\", \"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\", \"CVE-2012-1053\", \"CVE-2012-1054\");\n script_bugtraq_id(36628, 38474, 49860, 49909, 50356, 52158);\n script_xref(name:\"GLSA\", value:\"201203-03\");\n\n script_name(english:\"GLSA-201203-03 : Puppet: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-03\n(Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Puppet. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could gain elevated privileges, or access and modify\n arbitrary files. Furthermore, a remote attacker may be able to spoof a\n Puppet Master or write X.509 Certificate Signing Requests to arbitrary\n locations.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Puppet users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.11'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/puppet\", unaffected:make_list(\"ge 2.7.11\"), vulnerable:make_list(\"lt 2.7.11\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:10:40", "description": "Kristian Erik Hermansen discovered a directory traversal vulnerability in \nthe SSLFile indirection base class. A remote attacker could exploit this to \noverwrite files with the privileges of the Puppet Master.\n", "cvss3": {}, "published": "2011-09-29T00:00:00", "type": "ubuntu", "title": "Puppet vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2011-09-29T00:00:00", "id": "USN-1217-1", "href": "https://ubuntu.com/security/notices/USN-1217-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-12-04T11:27:13", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1217-1", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1217-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840757", "href": "http://plugins.openvas.org/nasl.php?oid=840757", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1217_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for puppet USN-1217-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kristian Erik Hermansen discovered a directory traversal vulnerability in\n the SSLFile indirection base class. A remote attacker could exploit this to\n overwrite files with the privileges of the Puppet Master.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1217-1\";\ntag_affected = \"puppet on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1217-1/\");\n script_id(840757);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_xref(name: \"USN\", value: \"1217-1\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3848\");\n script_name(\"Ubuntu Update for puppet USN-1217-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:04", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1217-1", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1217-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840757", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840757", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1217_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1217-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1217-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840757\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_xref(name:\"USN\", value:\"1217-1\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3848\");\n script_name(\"Ubuntu Update for puppet USN-1217-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1217-1\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Kristian Erik Hermansen discovered a directory traversal vulnerability in\n the SSLFile indirection base class. A remote attacker could exploit this to\n overwrite files with the privileges of the Puppet Master.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:55:24", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2314-1.", "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2314-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70403", "href": "http://plugins.openvas.org/nasl.php?oid=70403", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2314_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2314-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security issues have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2011-3848\n\nKristian Erik Hermansen reported that an unauthenticated\ndirectory traversal could drop any valid X.509 Certificate Signing\nRequest at any location on disk, with the privileges of the Puppet\nMaster application.\n\nCVE-2011-3870\n\nRicky Zhou discovered a potential local privilege escalation in the\nssh_authorized_keys resource and theoretically in the Solaris and\nAIX providers, where file ownership was given away before it was\nwritten, leading to a possibility for a user to overwrite arbitrary\nfiles as root, if their authorized_keys file was managed.\n\nCVE-2011-3869\n\nA predictable file name in the k5login type leads to the possibility\nof symlink attacks which would allow the owner of the home directory\nto symlink to anything on the system, and have it replaced with the\ncorrect content of the file, which can lead to a privilege escalation\non puppet runs.\n\nCVE-2011-3871\n\nA potential local privilege escalation was found in the --edit mode\nof 'puppet resource' due to a persistent, predictable file name,\nwhich can result in editing an arbitrary target file, and thus be\nbe tricked into running that arbitrary file as the invoking\nuser. This command is most commonly run as root, this leads to a\npotential privilege escalation.\n\n\nAdditionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.\n\n\nFor the oldstable distribution (lenny), this problem will be fixed soon.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\n\nFor the testing distribution (wheezy), this has been fixed in\nversion 2.7.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.\n\nWe recommend that you upgrade your puppet packages.\";\ntag_summary = \"The remote host is missing an update to puppet\nannounced via advisory DSA 2314-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202314-1\";\n\n\nif(description)\n{\n script_id(70403);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-16 23:01:53 +0200 (Sun, 16 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\");\n script_name(\"Debian Security Advisory DSA 2314-1 (puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2314-1.", "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2314-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070403", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070403", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2314_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2314-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70403\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-16 23:01:53 +0200 (Sun, 16 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\");\n script_name(\"Debian Security Advisory DSA 2314-1 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202314-1\");\n script_tag(name:\"insight\", value:\"Multiple security issues have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2011-3848\n\nKristian Erik Hermansen reported that an unauthenticated\ndirectory traversal could drop any valid X.509 Certificate Signing\nRequest at any location on disk, with the privileges of the Puppet\nMaster application.\n\nCVE-2011-3870\n\nRicky Zhou discovered a potential local privilege escalation in the\nssh_authorized_keys resource and theoretically in the Solaris and\nAIX providers, where file ownership was given away before it was\nwritten, leading to a possibility for a user to overwrite arbitrary\nfiles as root, if their authorized_keys file was managed.\n\nCVE-2011-3869\n\nA predictable file name in the k5login type leads to the possibility\nof symlink attacks which would allow the owner of the home directory\nto symlink to anything on the system, and have it replaced with the\ncorrect content of the file, which can lead to a privilege escalation\non puppet runs.\n\nCVE-2011-3871\n\nA potential local privilege escalation was found in the --edit mode\nof 'puppet resource' due to a persistent, predictable file name,\nwhich can result in editing an arbitrary target file, and thus be\nbe tricked into running that arbitrary file as the invoking\nuser. This command is most commonly run as root, this leads to a\npotential privilege escalation.\n\n\nAdditionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.\n\n\nFor the oldstable distribution (lenny), this problem will be fixed soon.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\n\nFor the testing distribution (wheezy), this has been fixed in\nversion 2.7.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to puppet\nannounced via advisory DSA 2314-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:24", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13633", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863586", "href": "http://plugins.openvas.org/nasl.php?oid=863586", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13633\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 14\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html\");\n script_id(863586);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-13633\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13633\");\n\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13633", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863586", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13633\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863586\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-13633\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13633\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863587", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863587\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-13636\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13636\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:27", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863587", "href": "http://plugins.openvas.org/nasl.php?oid=863587", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 15\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html\");\n script_id(863587);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-13636\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13636\");\n\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-14994", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848", "CVE-2011-3872"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-14994\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069454.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863628\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:34:47 +0530 (Mon, 21 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-14994\");\n script_cve_id(\"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-14994\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-15000", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848", "CVE-2011-3872"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863634", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-15000\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069488.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863634\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:35:10 +0530 (Mon, 21 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-15000\");\n script_cve_id(\"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-15000\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:53", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2011-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-14994", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848", "CVE-2011-3872"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863628", "href": "http://plugins.openvas.org/nasl.php?oid=863628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-14994\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 15\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069454.html\");\n script_id(863628);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:34:47 +0530 (Mon, 21 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-14994\");\n script_cve_id(\"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-14994\");\n\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:47", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2011-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-15000", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848", "CVE-2011-3872"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863634", "href": "http://plugins.openvas.org/nasl.php?oid=863634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-15000\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 14\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069488.html\");\n script_id(863634);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:35:10 +0530 (Mon, 21 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-15000\");\n script_cve_id(\"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-15000\");\n\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-2367", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2011-3869", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863765", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2367\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075036.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863765\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 12:41:11 +0530 (Mon, 12 Mar 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2011-3872\", \"CVE-2011-3869\",\n \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-2367\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2367\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:56:52", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-2367", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2011-3869", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:863765", "href": "http://plugins.openvas.org/nasl.php?oid=863765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2367\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 15\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075036.html\");\n script_id(863765);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 12:41:11 +0530 (Mon, 12 Mar 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2011-3872\", \"CVE-2011-3869\",\n \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-2367\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2367\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-03.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-03 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2011-3869", "CVE-2009-3564", "CVE-2010-0156", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071187", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071187", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201203_03.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71187\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3564\", \"CVE-2010-0156\", \"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\", \"CVE-2012-1053\", \"CVE-2012-1054\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-03 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in Puppet, the worst of\n which might allow local attackers to gain escalated privileges.\");\n script_tag(name:\"solution\", value:\"All Puppet users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.11'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-03\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=303729\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=308031\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=384859\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=385149\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=388161\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=403963\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-03.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-admin/puppet\", unaffected: make_list(\"ge 2.7.11\"), vulnerable: make_list(\"lt 2.7.11\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:13", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-03.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-03 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2011-3869", "CVE-2009-3564", "CVE-2010-0156", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71187", "href": "http://plugins.openvas.org/nasl.php?oid=71187", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in Puppet, the worst of\n which might allow local attackers to gain escalated privileges.\";\ntag_solution = \"All Puppet users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.11'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=303729\nhttp://bugs.gentoo.org/show_bug.cgi?id=308031\nhttp://bugs.gentoo.org/show_bug.cgi?id=384859\nhttp://bugs.gentoo.org/show_bug.cgi?id=385149\nhttp://bugs.gentoo.org/show_bug.cgi?id=388161\nhttp://bugs.gentoo.org/show_bug.cgi?id=403963\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-03.\";\n\n \n \nif(description)\n{\n script_id(71187);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3564\", \"CVE-2010-0156\", \"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\", \"CVE-2012-1053\", \"CVE-2012-1054\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-03 (puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-admin/puppet\", unaffected: make_list(\"ge 2.7.11\"), vulnerable: make_list(\"lt 2.7.11\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-6055", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2012-1988", "CVE-2011-3869", "CVE-2012-1986", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872", "CVE-2012-1987"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864193", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864193", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-6055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864193\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:08:13 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\",\n \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-6055\");\n script_name(\"Fedora Update for puppet FEDORA-2012-6055\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.16~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-11T11:06:24", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-6055", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2012-1988", "CVE-2011-3869", "CVE-2012-1986", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872", "CVE-2012-1987"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864193", "href": "http://plugins.openvas.org/nasl.php?oid=864193", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-6055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 15\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\");\n script_id(864193);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:08:13 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\",\n \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-6055\");\n script_name(\"Fedora Update for puppet FEDORA-2012-6055\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.16~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:32:23", "description": "Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x\nbefore 2.7.4 allows remote attackers to write X.509 Certificate Signing\nRequest (CSR) to arbitrary locations via (1) a double-encoded key parameter\nin the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/861182>\n", "cvss3": {}, "published": "2011-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3848", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2011-09-28T00:00:00", "id": "UB:CVE-2011-3848", "href": "https://ubuntu.com/security/CVE-2011-3848", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:44", "description": "Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "debiancve", "title": "CVE-2011-3848", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2011-10-27T20:55:00", "id": "DEBIANCVE:CVE-2011-3848", "href": "https://security-tracker.debian.org/tracker/CVE-2011-3848", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-08-10T07:08:52", "description": "\nMultiple security issues have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\n* [CVE-2011-3848](https://security-tracker.debian.org/tracker/CVE-2011-3848)\nKristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509 Certificate Signing\n Request at any location on disk, with the privileges of the Puppet\n Master application.\n* [CVE-2011-3870](https://security-tracker.debian.org/tracker/CVE-2011-3870)\nRicky Zhou discovered a potential local privilege escalation in the\n ssh\\_authorized\\_keys resource and theoretically in the Solaris and\n AIX providers, where file ownership was given away before it was\n written, leading to a possibility for a user to overwrite arbitrary\n files as root, if their authorized\\_keys file was managed.\n* [CVE-2011-3869](https://security-tracker.debian.org/tracker/CVE-2011-3869)\nA predictable file name in the k5login type leads to the possibility\n of symlink attacks which would allow the owner of the home directory\n to symlink to anything on the system, and have it replaced with the\n correct content of the file, which can lead to a privilege escalation\n on puppet runs.\n* [CVE-2011-3871](https://security-tracker.debian.org/tracker/CVE-2011-3871)\nA potential local privilege escalation was found in the --edit mode\n of puppet resource due to a persistent, predictable file name,\n which can result in editing an arbitrary target file, and thus be\n be tricked into running that arbitrary file as the invoking\n user. This command is most commonly run as root, this leads to a\n potential privilege escalation.\n\n\nAdditionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.\n\n\nFor the oldstable distribution (lenny), this problem will be fixed soon.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.3-3.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.\n\n\nWe recommend that you upgrade your puppet packages.\n\n\n", "cvss3": {}, "published": "2011-10-03T00:00:00", "type": "osv", "title": "puppet - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2022-08-10T07:08:46", "id": "OSV:DSA-2314-1", "href": "https://osv.dev/vulnerability/DSA-2314-1", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-10-15T20:25:52", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: puppet-2.6.6-3.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-15T20:25:52", "id": "FEDORA:767F321514", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YRK3PQ5BXSW7JNKPP5BOMWGSE26SYHYO/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-10-15T20:28:07", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: puppet-2.6.6-3.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-15T20:28:07", "id": "FEDORA:9A826216D3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6WF4GSHWNCAIQUAXLYOXHJ7NLYNXEETN/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-11-19T06:01:24", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: puppet-2.6.12-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2011-11-19T06:01:24", "id": "FEDORA:6EB1C20F73", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P7VCYKXRQZJ7DXKPZ77TVEI7HCJSH6BT/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-11-19T06:08:55", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: puppet-2.6.12-1.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2011-11-19T06:08:55", "id": "FEDORA:C3C3E2140B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V2UYFECCSHO3HRJ4YFNDNMQ7HTMTJZVR/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-03-10T21:53:21", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: puppet-2.6.14-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-10T21:53:21", "id": "FEDORA:3152C2118A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RUEAPOAHIVJVCVF7GBZZN2FSR2CBTARW/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-04-27T06:05:30", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: puppet-2.6.16-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2012-04-27T06:05:30", "id": "FEDORA:110DC20B57", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6NY6HN6AW45M3ALEWMFLCG7KL7A35SBY/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:13:06", "description": "### Background\n\nPuppet is a system configuration management tool written in Ruby.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could gain elevated privileges, or access and modify arbitrary files. Furthermore, a remote attacker may be able to spoof a Puppet Master or write X.509 Certificate Signing Requests to arbitrary locations. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Puppet users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/puppet-2.7.11\"", "cvss3": {}, "published": "2012-03-06T00:00:00", "type": "gentoo", "title": "Puppet: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3564", "CVE-2010-0156", "CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-06T00:00:00", "id": "GLSA-201203-03", "href": "https://security.gentoo.org/glsa/201203-03", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2011-3848
