Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.ALA_ALAS-2012-135.NASL
HistorySep 04, 2013 - 12:00 a.m.

Amazon Linux AMI : puppet (ALAS-2012-135)

2013-09-0400:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
13
JSON

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a … (dot dot) in a node name.

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user’s certificate and private key in a GET request.

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-135.
#

include("compat.inc");

if (description)
{
  script_id(69625);
  script_version("1.5");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2012-3864", "CVE-2012-3865", "CVE-2012-3866", "CVE-2012-3867");
  script_xref(name:"ALAS", value:"2012-135");

  script_name(english:"Amazon Linux AMI : puppet (ALAS-2012-135)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Directory traversal vulnerability in lib/puppet/reports/store.rb in
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise
before 2.5.2, when Delete is enabled in auth.conf, allows remote
authenticated users to delete arbitrary files on the puppet master
server via a .. (dot dot) in a node name.

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise
before 2.5.2, allows remote authenticated users to read arbitrary
files on the puppet master server by leveraging an arbitrary user's
certificate and private key in a GET request.

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and
2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not
properly restrict the characters in the Common Name field of a
Certificate Signing Request (CSR), which makes it easier for
user-assisted remote attackers to trick administrators into signing a
crafted agent certificate via ANSI control sequences.

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet
Enterprise before 2.5.2, uses 0644 permissions for
last_run_report.yaml, which allows local users to obtain sensitive
configuration information by leveraging access to the puppet master
server to read this file."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2012-135.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update puppet' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:puppet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:puppet-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:puppet-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"puppet-2.7.18-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"puppet-debuginfo-2.7.18-1.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"puppet-server-2.7.18-1.9.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "puppet / puppet-debuginfo / puppet-server");
}
VendorProductVersionCPE
amazonlinuxpuppetp-cpe:/a:amazon:linux:puppet
amazonlinuxpuppet-debuginfop-cpe:/a:amazon:linux:puppet-debuginfo
amazonlinuxpuppet-serverp-cpe:/a:amazon:linux:puppet-server
amazonlinuxcpe:/o:amazon:linux

Related

nessus 8
freebsd 2
amazon 1
debian 1
openvas 14
securityvulns 2
osv 4
ubuntu 1
suse 1
fedora 3
prion 4
cve 4
ubuntucve 4
github 3
debiancve 4
nessus
nessus
FreeBSD : puppet -- multiple vulnerabilities (3a6960ef-c8a8-11e1-9924-001fd0af1a4c)
2012-07-11 00:00:00
openSUSE Security Update : puppet (openSUSE-SU-2012:0891-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : puppet vulnerabilities (USN-1506-1)
2012-07-13 00:00:00
freebsd
freebsd
puppet -- multiple vulnerabilities
2012-07-05 00:00:00
puppet -- multiple vulnerabilities
2012-07-10 00:00:00
amazon
amazon
Low: puppet
2012-10-15 12:29:00
debian
debian
[SECURITY] [DSA 2511-1] puppet security update
2012-07-12 18:55:52
openvas
openvas
Debian: Security Advisory (DSA-2511-1)
2012-08-10 00:00:00
FreeBSD Ports: puppet
2012-08-10 00:00:00
Ubuntu: Security Advisory (USN-1506-1)
2012-07-16 00:00:00
securityvulns
securityvulns
[USN-1506-1] Puppet vulnerabilities
2012-07-16 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2012-07-16 00:00:00
osv
osv
puppet - several
2012-07-12 00:00:00
Puppet allows local users to obtain sensitive configuration information
2017-10-24 18:33:37
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
2017-10-24 18:33:37
ubuntu
ubuntu
Puppet vulnerabilities
2012-07-12 00:00:00
suse
suse
Security update for puppet (important)
2012-08-13 19:08:37
fedora
fedora
[SECURITY] Fedora 17 Update: puppet-2.7.18-1.fc17
2012-07-28 01:20:31
[SECURITY] Fedora 16 Update: puppet-2.6.17-2.fc16
2012-07-28 01:17:34
[SECURITY] Fedora 17 Update: puppet-2.7.21-2.fc17
2013-03-30 21:31:30
prion
prion
Design/Logic Flaw
2012-08-06 16:55:00
Directory traversal
2012-08-06 16:55:00
Design/Logic Flaw
2012-08-06 16:55:00
cve
cve
CVE-2012-3866
2012-08-06 16:55:00
CVE-2012-3867
2012-08-06 16:55:00
CVE-2012-3865
2012-08-06 16:55:00
ubuntucve
ubuntucve
CVE-2012-3866
2012-07-12 00:00:00
CVE-2012-3867
2012-07-12 00:00:00
CVE-2012-3865
2012-07-12 00:00:00
github
github
Puppet allows local users to obtain sensitive configuration information
2017-10-24 18:33:37
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
2017-10-24 18:33:37
Puppet vulnerable to Path Traversal
2017-10-24 18:33:37
debiancve
debiancve
CVE-2012-3866
2012-08-06 16:55:00
CVE-2012-3867
2012-08-06 16:55:00
CVE-2012-3865
2012-08-06 16:55:00
JSON
Related for ALA_ALAS-2012-135.NASL
nessus8freebsd2amazon1debian1openvas14securityvulns2osv4ubuntu1suse1fedora3prion4cve4ubuntucve4github3debiancve4