Lucene search

FreeBSD2B2F6092-0694-11E3-9E8E-000C29F6AE42

HistoryJul 05, 2013 - 12:00 a.m.

puppet -- multiple vulnerabilities

2013-07-0500:00:00

vuxml.freebsd.org

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

83.9%

JSON

Puppet Labs reports:

By using the resource_type service, an attacker could
cause puppet to load arbitrary Ruby files from the puppet
master node’s file system. While this behavior is not
enabled by default, auth.conf settings could be modified
to allow it. The exploit requires local file system access
to the Puppet Master.
Puppet Module Tool (PMT) did not correctly control
permissions of modules it installed, instead transferring
permissions that existed when the module was built.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpuppet= 2.7UNKNOWN
FreeBSDanynoarchpuppet< 2.7.23UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	puppet	= 2.7	UNKNOWN
FreeBSD	any	noarch	puppet	< 2.7.23	UNKNOWN

References

puppetlabs.com/security/cve/cve-2013-4761/

puppetlabs.com/security/cve/cve-2013-4956/

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

83.9%

JSON

Related for 2B2F6092-0694-11E3-9E8E-000C29F6AE42