{"id": "PUPPET_CVE_2013-4969.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Puppet Symlink File Overwrite", "description": "According to its self-reported version number, the Puppet install on the remote host is potentially affected by an error related to temporary files and their use. A local attacker could potentially use a symlink attack to overwrite arbitrary files.", "published": "2014-01-27T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/72151", "reporter": "This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.", "references": ["https://puppet.com/security/cve/cve-2013-4969", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969"], "cvelist": ["CVE-2013-4969"], "immutableFields": [], "lastseen": "2021-08-19T12:51:25", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2014-288"]}, {"type": "cve", "idList": ["CVE-2013-4969"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2831-1:D96A1", "DEBIAN:DSA-2831-2:52A72", "DEBIAN:DSA-2831-2:5C4DB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-4969"]}, {"type": "fedora", "idList": ["FEDORA:7C80E227B5", "FEDORA:A922A219BF"]}, {"type": "nessus", "idList": ["ALA_ALAS-2014-288.NASL", "DEBIAN_DSA-2831.NASL", "FEDORA_2014-0825.NASL", "FEDORA_2014-0850.NASL", "MANDRIVA_MDVSA-2014-040.NASL", "PUPPET_ENTERPRISE_311.NASL", "SUSE_11_PUPPET-140630.NASL", "UBUNTU_USN-2077-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120009", "OPENVAS:1361412562310702831", "OPENVAS:1361412562310841684", "OPENVAS:1361412562310867255", "OPENVAS:702831", "OPENVAS:841684", "OPENVAS:867255"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30157", "SECURITYVULNS:VULN:13480"]}, {"type": "seebug", "idList": ["SSV:61236"]}, {"type": "ubuntu", "idList": ["USN-2077-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-4969"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2013-4969"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2831-2:5C4DB"]}, {"type": "fedora", "idList": ["FEDORA:7C80E227B5"]}, {"type": "nessus", "idList": ["FEDORA_2014-0850.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702831"]}, {"type": "seebug", "idList": ["SSV:61236"]}]}, "exploitation": null, "vulnersScore": 5.2}, "pluginID": "72151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72151);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4969\");\n script_bugtraq_id(64552);\n\n script_name(english:\"Puppet Symlink File Overwrite\");\n script_summary(english:\"Checks puppet version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A web application on the remote host is potentially affected by a file\noverwrite vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version number, the Puppet install on\nthe remote host is potentially affected by an error related to temporary\nfiles and their use. A local attacker could potentially use a symlink\nattack to overwrite arbitrary files.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2013-4969\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Puppet 3.3.3 / 3.4.1 or Puppet Enterprise 2.8.4 / 3.1.1 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n##\n# checks if the given version falls between the given bounds, and\n# generates plugin output if it does\n#\n# @anonparam ver version to check\n# @anonparam fix first fixed version\n# @anonparam min_ver the lowest/earliest vulnerable version, relative to 'fix' (optional)\n#\n# @return plugin output if 'ver' is vulnerable relative to 'fix' and/or 'min_ver',\n# NULL otherwise\n##\nfunction _check_version(enterprise)\n{\n local_var ver, fix, min_ver, major_ver, report;\n ver = _FCT_ANON_ARGS[0];\n fix = _FCT_ANON_ARGS[1];\n min_ver = _FCT_ANON_ARGS[2];\n\n if (\n # no lower bound\n (isnull(min_ver) &&\n ver_compare(ver:ver, fix:fix, strict:FALSE) < 0) ||\n\n # lower bound\n (!isnull(min_ver) &&\n ver_compare(ver:ver, fix:fix, strict:FALSE) < 0 &&\n ver_compare(ver:ver, fix:min_ver, strict:FALSE) >= 0)\n )\n {\n if (enterprise)\n {\n report =\n '\\n Installed version : Puppet Enterprise ' + ver +\n '\\n Fixed version : Puppet Enterprise ' + fix + '\\n';\n }\n else\n {\n report =\n '\\n Installed version : Puppet Open Source ' + ver +\n '\\n Fixed version : Puppet Open Source ' + fix + '\\n';\n }\n }\n else report = NULL;\n\n return report;\n}\n\nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\nreport = NULL;\nvuln = FALSE;\n\nif ('Enterprise' >< ver)\n{\n # convert something like\n # 2.7.19 (Puppet Enterprise 2.7.0)\n # to\n # 2.7.0\n match = eregmatch(string:ver, pattern:\"Enterprise ([0-9.]+)\\)\");\n if (isnull(match)) audit(AUDIT_UNKNOWN_WEB_APP_VER, 'Puppet Enterprise', build_url(port:port));\n ver = match[1];\n\n # Resolved in Puppet Enterprise 2.8.4 and 3.1.1\n if (\n (report = _check_version(ver, '2.8.4', enterprise:TRUE)) ||\n (report = _check_version(ver, '3.1.1', '3.1', enterprise:TRUE))\n ) vuln = TRUE;\n}\nelse\n{\n # Do not run against open source unless scan is paranoid\n if (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n # sanity check - make sure the version doesn't include letters or anything else unexpected\n match = eregmatch(string:ver, pattern:\"^([0-9.]+)$\");\n if (isnull(match)) audit(AUDIT_NONNUMERIC_VER, 'Puppet', port, ver);\n ver = match[1];\n\n # Resolved in Puppet 3.3.3, 3.4.1\n if (\n (report = _check_version(ver, '3.3.3')) ||\n (report = _check_version(ver, '3.4.1', '3.4'))\n ) vuln = TRUE;\n}\n\nif (!vuln) audit(AUDIT_LISTEN_NOT_VULN, 'Puppet', port, ver);\n\nif (report_verbosity > 0) security_note(port:port, extra:report);\nelse security_note(port);\n", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:puppetlabs:puppet"], "solution": "Upgrade to Puppet 3.3.3 / 3.4.1 or Puppet Enterprise 2.8.4 / 3.1.1 or later.", "nessusSeverity": "Low", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.4"}, "exploitAvailable": false, "exploitEase": "No exploit is required", "patchPublicationDate": "2013-12-26T00:00:00", "vulnerabilityPublicationDate": "2013-12-26T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}

{"openvas": [{"lastseen": "2019-05-29T18:37:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-01-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-2077-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841684", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2077_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for puppet USN-2077-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841684\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-10 12:03:46 +0530 (Fri, 10 Jan 2014)\");\n script_cve_id(\"CVE-2013-4969\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Ubuntu Update for puppet USN-2077-1\");\n\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 13.10,\n Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"It was discovered that Puppet incorrectly handled temporary files. A local\nattacker could possibly use this issue to overwrite arbitrary files. In the\ndefault installation of Ubuntu, this should be prevented by the Yama link\nrestrictions.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2077-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2077-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.10|12\\.04 LTS|13\\.10|13\\.04)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.18-1ubuntu1.4\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.11-1ubuntu2.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"3.2.4-2ubuntu2.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.18-4ubuntu1.3\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T23:01:04", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-288)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120009", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120009\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:14:49 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-288)\");\n script_tag(name:\"insight\", value:\"Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.\");\n script_tag(name:\"solution\", value:\"Run yum update puppet to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-288.html\");\n script_cve_id(\"CVE-2013-4969\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.7.25~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"puppet-server\", rpm:\"puppet-server~2.7.25~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"puppet-debuginfo\", rpm:\"puppet-debuginfo~2.7.25~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:02", "description": "An unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.", "cvss3": {}, "published": "2013-12-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310702831", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702831", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2831.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2831-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702831\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-4969\");\n script_name(\"Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-31 00:00:00 +0100 (Tue, 31 Dec 2013)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2831.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"puppet on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze9.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u2.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 3.4.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.4.0-1.\n\nWe recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"An unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-04T11:16:22", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2014-01-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-2077-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841684", "href": "http://plugins.openvas.org/nasl.php?oid=841684", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2077_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for puppet USN-2077-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841684);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-10 12:03:46 +0530 (Fri, 10 Jan 2014)\");\n script_cve_id(\"CVE-2013-4969\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"Ubuntu Update for puppet USN-2077-1\");\n\n tag_insight = \"It was discovered that Puppet incorrectly handled temporary files. A local\nattacker could possibly use this issue to overwrite arbitrary files. In the\ndefault installation of Ubuntu, this should be prevented by the Yama link\nrestrictions.\";\n\n tag_affected = \"puppet on Ubuntu 13.10 ,\n Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2077-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2077-1/\");\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.18-1ubuntu1.4\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.11-1ubuntu2.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"3.2.4-2ubuntu2.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.18-4ubuntu1.3\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:51:55", "description": "An unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.", "cvss3": {}, "published": "2013-12-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:702831", "href": "http://plugins.openvas.org/nasl.php?oid=702831", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2831.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2831-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"puppet on Debian Linux\";\ntag_insight = \"This package contains the startup script and compatbility scripts for the\npuppet agent, which is the process responsible for configuring the local node.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze9.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u2.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 3.4.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.4.0-1.\n\nWe recommend that you upgrade your puppet packages.\";\ntag_summary = \"An unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702831);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-4969\");\n script_name(\"Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-12-31 00:00:00 +0100 (Tue, 31 Dec 2013)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2831.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze9\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.23-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-01-27T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2014-0850", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4761", "CVE-2013-4956", "CVE-2013-4969"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867255", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2014-0850\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867255\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:20:14 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4969\", \"CVE-2013-4761\", \"CVE-2013-4956\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for puppet FEDORA-2014-0850\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-0850\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127054.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~3.4.2~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:37", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2014-01-27T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2014-0850", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4761", "CVE-2013-4956", "CVE-2013-4969"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867255", "href": "http://plugins.openvas.org/nasl.php?oid=867255", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2014-0850\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867255);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:20:14 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4969\", \"CVE-2013-4761\", \"CVE-2013-4956\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for puppet FEDORA-2014-0850\");\n\n tag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\ncross-platform specification language that manages all the separate elements\nnormally aggregated in different files, like users, cron jobs, and hosts,\nalong with obviously discrete elements like packages, services, and files.\n\";\n\n tag_affected = \"puppet on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-0850\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127054.html\");\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~3.4.2~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T12:51:35", "description": "Update to 3.4.2 to mitigate CVE-2013-4969\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-24T00:00:00", "type": "nessus", "title": "Fedora 19 : puppet-3.4.2-1.fc19 (2014-0850)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-0850.NASL", "href": "https://www.tenable.com/plugins/nessus/72113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-0850.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72113);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4969\");\n script_bugtraq_id(64552);\n script_xref(name:\"FEDORA\", value:\"2014-0850\");\n\n script_name(english:\"Fedora 19 : puppet-3.4.2-1.fc19 (2014-0850)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 3.4.2 to mitigate CVE-2013-4969\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1047792\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127054.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e74ffa3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"puppet-3.4.2-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:19", "description": "A vulnerability has been discovered and corrected in puppet :\n\nPuppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files (CVE-2013-4969).\n\nThe updated packages have been upgraded to the 2.7.25 version which is not vulnerable to this issue.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-19T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : puppet (MDVSA-2014:040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:emacs-puppet", "p-cpe:/a:mandriva:linux:puppet", "p-cpe:/a:mandriva:linux:puppet-server", "p-cpe:/a:mandriva:linux:vim-puppet", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-040.NASL", "href": "https://www.tenable.com/plugins/nessus/72564", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:040. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72564);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4969\");\n script_bugtraq_id(64552);\n script_xref(name:\"MDVSA\", value:\"2014:040\");\n\n script_name(english:\"Mandriva Linux Security Advisory : puppet (MDVSA-2014:040)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in puppet :\n\nPuppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE)\nbefore 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite\narbitrary files via a symlink attack on unspecified files\n(CVE-2013-4969).\n\nThe updated packages have been upgraded to the 2.7.25 version which is\nnot vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2013-4969\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:emacs-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vim-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"emacs-puppet-2.7.25-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"puppet-2.7.25-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"puppet-server-2.7.25-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"vim-puppet-2.7.25-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:35", "description": "Update to 3.4.2 to mitigate CVE-2013-4969\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-24T00:00:00", "type": "nessus", "title": "Fedora 20 : puppet-3.4.2-1.fc20 (2014-0825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-0825.NASL", "href": "https://www.tenable.com/plugins/nessus/72112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-0825.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72112);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4969\");\n script_bugtraq_id(64552);\n script_xref(name:\"FEDORA\", value:\"2014-0825\");\n\n script_name(english:\"Fedora 20 : puppet-3.4.2-1.fc20 (2014-0825)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 3.4.2 to mitigate CVE-2013-4969\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1047792\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127042.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52dead90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"puppet-3.4.2-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:37", "description": "An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-02T00:00:00", "type": "nessus", "title": "Debian DSA-2831-1 : puppet - insecure temporary files", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puppet", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2831.NASL", "href": "https://www.tenable.com/plugins/nessus/71779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2831. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71779);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4969\");\n script_bugtraq_id(64552);\n script_xref(name:\"DSA\", value:\"2831\");\n\n script_name(english:\"Debian DSA-2831-1 : puppet - insecure temporary files\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2831\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 2.6.2-5+squeeze9.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"puppet\", reference:\"2.6.2-5+squeeze9\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-common\", reference:\"2.6.2-5+squeeze9\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-el\", reference:\"2.6.2-5+squeeze9\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-testsuite\", reference:\"2.6.2-5+squeeze9\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppetmaster\", reference:\"2.6.2-5+squeeze9\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vim-puppet\", reference:\"2.6.2-5+squeeze9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppet\", reference:\"2.7.23-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppet-common\", reference:\"2.7.23-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppet-el\", reference:\"2.7.23-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppet-testsuite\", reference:\"2.7.23-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppetmaster\", reference:\"2.7.23-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppetmaster-common\", reference:\"2.7.23-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppetmaster-passenger\", reference:\"2.7.23-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vim-puppet\", reference:\"2.7.23-1~deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-16T02:01:57", "description": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-05T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : puppet (ALAS-2014-288)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:puppet", "p-cpe:/a:amazon:linux:puppet-debuginfo", "p-cpe:/a:amazon:linux:puppet-server", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-288.NASL", "href": "https://www.tenable.com/plugins/nessus/72306", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-288.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72306);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-4969\");\n script_xref(name:\"ALAS\", value:\"2014-288\");\n\n script_name(english:\"Amazon Linux AMI : puppet (ALAS-2014-288)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE)\nbefore 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite\narbitrary files via a symlink attack on unspecified files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-288.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update puppet' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"puppet-2.7.25-1.2.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-debuginfo-2.7.25-1.2.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-server-2.7.25-1.2.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-debuginfo / puppet-server\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:29", "description": "It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-07T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : puppet vulnerability (USN-2077-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:13.10"], "id": "UBUNTU_USN-2077-1.NASL", "href": "https://www.tenable.com/plugins/nessus/71837", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2077-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71837);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4969\");\n script_xref(name:\"USN\", value:\"2077-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : puppet vulnerability (USN-2077-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Puppet incorrectly handled temporary files. A\nlocal attacker could possibly use this issue to overwrite arbitrary\nfiles. In the default installation of Ubuntu, this should be prevented\nby the Yama link restrictions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2077-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"puppet-common\", pkgver:\"2.7.11-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"puppet-common\", pkgver:\"2.7.18-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"puppet-common\", pkgver:\"2.7.18-4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"puppet-common\", pkgver:\"3.2.4-2ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:02", "description": "Puppet was updated to fix the following security issues :\n\n - Unsafe use of temporary files. (CVE-2013-4969)\n\n - Arbitrary code execution with required social engineering. (CVE-2014-3248 / CVE-2014-3250)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-09T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : puppet (SAT Patch Number 9472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4969", "CVE-2014-3248", "CVE-2014-3250"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:puppet", "p-cpe:/a:novell:suse_linux:11:puppet-server", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PUPPET-140630.NASL", "href": "https://www.tenable.com/plugins/nessus/76424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76424);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4969\", \"CVE-2014-3248\", \"CVE-2014-3250\");\n\n script_name(english:\"SuSE 11.3 Security Update : puppet (SAT Patch Number 9472)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet was updated to fix the following security issues :\n\n - Unsafe use of temporary files. (CVE-2013-4969)\n\n - Arbitrary code execution with required social\n engineering. (CVE-2014-3248 / CVE-2014-3250)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=879913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4969.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3250.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9472.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"puppet-2.6.18-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"puppet-2.6.18-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"puppet-2.6.18-0.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"puppet-server-2.6.18-0.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:59", "description": "According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities :\n\n - An input validation error exists related to the included Ruby version, handling string to floating point conversions that could allow denial of service attacks or arbitrary code execution. (CVE-2013-4164)\n\n - An error exists related to the included RubyGems version and 'gem build', 'Gem::Package', and 'Gem::PackageTask' API calls that could allow denial of service attacks. (CVE-2013-4363)\n\n - An error exists in the 'i18n' gem for Ruby that could allow cross-site scripting attacks. (CVE-2013-4491)\n\n - An error exists related to handling temporary files that could allow a local attacker to overwrite files by using a symlink attack. (CVE-2013-4969)\n\n - An error exists related to the included Ruby on Rails, 'Action View', and handling certain headers that could allow denial of service attacks. (CVE-2013-6414)\n\n - An input validation error exists related to the included Ruby on Rails and the 'unit' parameter in the 'number_to_currency' helper that could allow cross-site scripting attacks. (CVE-2013-6415)\n\n - An input validation error exists related to the included Ruby on Rails, JSON parameter parsing and SQL queries that could allow SQL injection attacks.\n (CVE-2013-6417)", "cvss3": {"score": null, "vector": null}, "published": "2014-03-21T00:00:00", "type": "nessus", "title": "Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4164", "CVE-2013-4363", "CVE-2013-4491", "CVE-2013-4969", "CVE-2013-6414", "CVE-2013-6415", "CVE-2013-6417"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:puppetlabs:puppet"], "id": "PUPPET_ENTERPRISE_311.NASL", "href": "https://www.tenable.com/plugins/nessus/73132", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73132);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2013-4164\",\n \"CVE-2013-4363\",\n \"CVE-2013-4491\",\n \"CVE-2013-4969\",\n \"CVE-2013-6414\",\n \"CVE-2013-6415\",\n \"CVE-2013-6417\"\n );\n script_bugtraq_id(62442, 63873, 64074, 64076, 64077, 64106, 64552);\n\n script_name(english:\"Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks Puppet Enterprise version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A web application on the remote host is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version number, the Puppet Enterprise\n3.x install on the remote host is prior to 3.1.1. As a result, it is\nreportedly affected by multiple vulnerabilities :\n\n - An input validation error exists related to the\n included Ruby version, handling string to floating point\n conversions that could allow denial of service attacks\n or arbitrary code execution. (CVE-2013-4164)\n\n - An error exists related to the included RubyGems\n version and 'gem build', 'Gem::Package', and\n 'Gem::PackageTask' API calls that could allow denial\n of service attacks. (CVE-2013-4363)\n\n - An error exists in the 'i18n' gem for Ruby that could\n allow cross-site scripting attacks. (CVE-2013-4491)\n\n - An error exists related to handling temporary files\n that could allow a local attacker to overwrite files by\n using a symlink attack. (CVE-2013-4969)\n\n - An error exists related to the included Ruby on Rails,\n 'Action View', and handling certain headers that could\n allow denial of service attacks. (CVE-2013-6414)\n\n - An input validation error exists related to the\n included Ruby on Rails and the 'unit' parameter in the\n 'number_to_currency' helper that could allow cross-site\n scripting attacks. (CVE-2013-6415)\n\n - An input validation error exists related to the\n included Ruby on Rails, JSON parameter parsing and SQL\n queries that could allow SQL injection attacks.\n (CVE-2013-6417)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://groups.google.com/forum/#!topic/puppet-users/f_gybceSV6E\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2013-4164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2013-4363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2013-4491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2013-4969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2013-6414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2013-6415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2013-6417\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Puppet Enterprise 3.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n \nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n##\n# checks if the given version falls between the given bounds, and\n# generates plugin output if it does\n#\n# @anonparam ver version to check\n# @anonparam fix first fixed version\n# @anonparam min_ver the lowest/earliest vulnerable version, relative to 'fix' (optional)\n#\n# @return plugin output if 'ver' is vulnerable relative to 'fix' and/or 'min_ver',\n# NULL otherwise\n##\nfunction _check_version(enterprise)\n{\n local_var ver, fix, min_ver, major_ver, report;\n ver = _FCT_ANON_ARGS[0];\n fix = _FCT_ANON_ARGS[1];\n min_ver = _FCT_ANON_ARGS[2];\n\n if (\n # no lower bound\n (isnull(min_ver) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0) ||\n\n # lower bound\n (\n !isnull(min_ver) &&\n ver_compare(ver:ver, fix:fix, strict:FALSE) < 0 &&\n ver_compare(ver:ver, fix:min_ver, strict:FALSE) >= 0\n )\n )\n {\n if (enterprise)\n {\n report =\n '\\n Installed version : Puppet Enterprise ' + ver +\n '\\n Fixed version : Puppet Enterprise ' + fix + '\\n';\n }\n else report = NULL;\n }\n else report = NULL;\n\n return report;\n}\n\nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\nreport = NULL;\nvuln = FALSE;\n\nif ('Enterprise' >< ver)\n{\n # convert something like\n # 2.7.19 (Puppet Enterprise 2.7.0)\n # to\n # 2.7.0\n match = eregmatch(string:ver, pattern:\"Enterprise ([0-9.]+)\\)\");\n if (isnull(match)) audit(AUDIT_UNKNOWN_WEB_APP_VER, 'Puppet Enterprise', build_url(port:port));\n ver = match[1];\n\n # Resolved in Puppet Enterprise 3.1.1\n if (report = _check_version(ver, '3.1.1', '3.0.0', enterprise:TRUE))\n {\n vuln = TRUE;\n }\n}\n\nif (!vuln) audit(AUDIT_LISTEN_NOT_VULN, 'Puppet', port, ver);\n\nset_kb_item(name:'www/'+port+'/XSS', value:TRUE);\nset_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);\n\nif (report_verbosity > 0) security_warning(port:port, extra:report);\nelse security_warning(port);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:37:21", "description": "CVE ID:CVE-2013-4969\r\n\r\npuppet\u662f\u4e00\u6b3eLinux\u3001Unix\u3001windows\u5e73\u53f0\u7684\u96c6\u4e2d\u914d\u7f6e\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nPuppet\u548cPuppet Enterprise\u4f7f\u7528\u4e0d\u5b89\u5168\u7684\u4e34\u65f6\u6587\u4ef6\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u4f7f\u7528\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u8986\u76d6\u7cfb\u7edf\u4efb\u610f\u6587\u4ef6\u3002\n0\nPuppet 3.3.2\r\nPuppet 3.4.0\r\nPuppet 2.8.3\r\nPuppet 3.1.0\npuppet 2.8.4\u548c3.1.1\uff0c puppet 3.3.3\u548c3.4.1\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\n\r\nhttp://puppetlabs.com/", "cvss3": {}, "published": "2013-12-30T00:00:00", "type": "seebug", "title": "Puppet/Puppet Enterprise\u4e0d\u5b89\u5168\u4e34\u65f6\u6587\u4ef6\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2013-12-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61236", "id": "SSV:61236", "sourceData": "", "sourceHref": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "edition": 2, "cvss3": {}, "published": "2014-01-23T11:10:28", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: puppet-3.4.2-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2014-01-23T11:10:28", "id": "FEDORA:7C80E227B5", "href": "", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "edition": 2, "cvss3": {}, "published": "2014-01-23T11:13:28", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: puppet-3.4.2-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4761", "CVE-2013-4956", "CVE-2013-4969"], "modified": "2014-01-23T11:13:28", "id": "FEDORA:A922A219BF", "href": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2831-1 security@debian.org\r\nhttp://www.debian.org/security/ Luciano Bello\r\nDecember 31, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : puppet\r\nVulnerability : insecure temporary files\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2013-4969\r\n\r\nAn unsafe use of temporary files was discovered in Puppet, a tool for\r\ncentralized configuration management. An attacker can exploit this \r\nvulnerability and overwrite an arbitrary file in the system.\r\n\r\nFor the oldstable distribution &#40;squeeze&#41;, this problem has been fixed in\r\nversion 2.6.2-5+squeeze9.\r\n\r\nFor the stable distribution &#40;wheezy&#41;, this problem has been fixed in\r\nversion 2.7.23-1~deb7u2.\r\n\r\nFor the testing distribution &#40;jessie&#41;, this problem has been fixed in\r\nversion 3.4.0-1.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 3.4.0-1.\r\n\r\nWe recommend that you upgrade your puppet packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlLC57wACgkQQWTRs4lLtHkyPACdGvgJFTsNR/Y5kysnIqRZMfUP\r\n98cAoIGVdGtlEDmKxNdZbFBCoivocFH9\r\n=1KHZ\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2014-01-08T00:00:00", "title": "[SECURITY] [DSA 2831-1] puppet security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2014-01-08T00:00:00", "id": "SECURITYVULNS:DOC:30157", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30157", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:53", "description": "Symbolic links vulnerability on temporary files creation.", "edition": 1, "cvss3": {}, "published": "2014-01-08T00:00:00", "title": "puppet symbolic links vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-4969"], "modified": "2014-01-08T00:00:00", "id": "SECURITYVULNS:VULN:13480", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13480", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated puppet and puppet3 packages fix security vulnerability: An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system (CVE-2013-4969). This update also corrects an upstream regression, see references for details. \n", "cvss3": {}, "published": "2014-02-19T21:15:34", "type": "mageia", "title": "Updated puppet & puppet3 packages fix CVE-2013-4969 and a regression\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2014-02-19T21:15:34", "id": "MGASA-2014-0084", "href": "https://advisories.mageia.org/MGASA-2014-0084.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T13:58:35", "description": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.", "cvss3": {}, "published": "2014-01-07T18:55:00", "type": "cve", "title": "CVE-2013-4969", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2022-01-24T16:46:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:puppetlabs:puppet:3.3.2", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04"], "id": "CVE-2013-4969", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4969", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-11-22T21:52:30", "description": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before\n2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files\nvia a symlink attack on unspecified files.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | mitigated by Yama on default Ubuntu kernels\n", "cvss3": {}, "published": "2013-12-26T00:00:00", "type": "ubuntucve", "title": "CVE-2013-4969", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2013-12-26T00:00:00", "id": "UB:CVE-2013-4969", "href": "https://ubuntu.com/security/CVE-2013-4969", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-01-29T07:35:16", "description": "Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.", "cvss3": {}, "published": "2014-01-07T18:55:00", "type": "debiancve", "title": "CVE-2013-4969", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2014-01-07T18:55:00", "id": "DEBIANCVE:CVE-2013-4969", "href": "https://security-tracker.debian.org/tracker/CVE-2013-4969", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-10-21T23:23:51", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2831-2 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 17, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : regression\nDebian-specific: no\nDebian Bug : 734444\n\nThe fix for CVE-2013-4969 contained a regression affecting the default\nfile mode if none is specified on a file resource.\n\nThe oldstable distribution (squeeze) is not affected by this regression.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u3.\n\nFor the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 3.4.2-1.\n\nFor reference, the original advisory text follows.\n\nAn unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze9.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u2.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 3.4.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.4.1-1.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-01-17T16:07:16", "type": "debian", "title": "[SECURITY] [DSA 2831-2] puppet regression update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2014-01-17T16:07:16", "id": "DEBIAN:DSA-2831-2:52A72", "href": "https://lists.debian.org/debian-security-announce/2014/msg00014.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-21T23:24:29", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2831-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nDecember 31, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : insecure temporary files\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4969\n\nAn unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this \nvulnerability and overwrite an arbitrary file in the system.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze9.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u2.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 3.4.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.4.0-1.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-12-31T16:46:11", "type": "debian", "title": "[SECURITY] [DSA 2831-1] puppet security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2013-12-31T16:46:11", "id": "DEBIAN:DSA-2831-1:D96A1", "href": "https://lists.debian.org/debian-security-announce/2013/msg00245.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-29T23:39:29", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2831-2 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 17, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : regression\nDebian-specific: no\nDebian Bug : 734444\n\nThe fix for CVE-2013-4969 contained a regression affecting the default\nfile mode if none is specified on a file resource.\n\nThe oldstable distribution (squeeze) is not affected by this regression.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u3.\n\nFor the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 3.4.2-1.\n\nFor reference, the original advisory text follows.\n\nAn unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze9.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u2.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 3.4.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.4.1-1.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-01-17T16:07:16", "type": "debian", "title": "[SECURITY] [DSA 2831-2] puppet regression update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2014-01-17T16:07:16", "id": "DEBIAN:DSA-2831-2:5C4DB", "href": "https://lists.debian.org/debian-security-announce/2014/msg00014.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2021-07-25T19:32:10", "description": "**Issue Overview:**\n\nPuppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.\n\n \n**Affected Packages:** \n\n\npuppet\n\n \n**Issue Correction:** \nRun _yum update puppet_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 puppet-2.7.25-1.2.amzn1.i686 \n \u00a0\u00a0\u00a0 puppet-server-2.7.25-1.2.amzn1.i686 \n \u00a0\u00a0\u00a0 puppet-debuginfo-2.7.25-1.2.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 puppet-2.7.25-1.2.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 puppet-debuginfo-2.7.25-1.2.amzn1.x86_64 \n \u00a0\u00a0\u00a0 puppet-2.7.25-1.2.amzn1.x86_64 \n \u00a0\u00a0\u00a0 puppet-server-2.7.25-1.2.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {}, "published": "2014-02-03T15:28:00", "type": "amazon", "title": "Low: puppet", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2014-09-16T22:31:00", "id": "ALAS-2014-288", "href": "https://alas.aws.amazon.com/ALAS-2014-288.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2022-01-04T12:54:15", "description": "It was discovered that Puppet incorrectly handled temporary files. A local \nattacker could possibly use this issue to overwrite arbitrary files. In the \ndefault installation of Ubuntu, this should be prevented by the Yama link \nrestrictions.\n", "cvss3": {}, "published": "2014-01-06T00:00:00", "type": "ubuntu", "title": "Puppet vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4969"], "modified": "2014-01-06T00:00:00", "id": "USN-2077-1", "href": "https://ubuntu.com/security/notices/USN-2077-1", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}]}