{"cve": [{"lastseen": "2019-07-12T12:09:52", "bulletinFamily": "NVD", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.", "modified": "2019-07-11T15:09:00", "id": "CVE-2012-1988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1988", "published": "2012-05-29T20:55:00", "title": "CVE-2012-1988", "type": "cve", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-07-12T12:09:52", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.", "modified": "2019-07-11T15:09:00", "id": "CVE-2012-1987", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1987", "published": "2012-05-29T20:55:00", "title": "CVE-2012-1987", "type": "cve", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:11:11", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Use after Free WriteAV Vulnerability.\"", "modified": "2018-10-12T22:01:00", "id": "CVE-2011-1986", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1986", "published": "2011-09-15T12:26:00", "title": "CVE-2011-1986", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-12T12:09:52", "bulletinFamily": "NVD", "description": "telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).", "modified": "2019-07-11T15:09:00", "id": "CVE-2012-1989", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1989", "published": "2012-06-27T18:55:00", "title": "CVE-2012-1989", "type": "cve", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-07-12T12:09:52", "bulletinFamily": "NVD", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.", "modified": "2019-07-11T15:09:00", "id": "CVE-2012-1986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1986", "published": "2012-05-29T20:55:00", "title": "CVE-2012-1986", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:48", "bulletinFamily": "unix", "description": "It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. (CVE-2012-1906)\n\nIt was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. 
(CVE-2012-1986)\n\nIt was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. (CVE-2012-1987)\n\nIt was discovered that Puppet incorrectly handled filebucket requests. A local attacker could exploit this to execute arbitrary code via a crafted file path. (CVE-2012-1988)\n\nIt was discovered that Puppet used a predictable filename for the Telnet connection log file. A local attacker could exploit this to overwrite arbitrary files. This issue only affected Ubuntu 11.10. (CVE-2012-1989)", "modified": "2012-04-11T00:00:00", "published": "2012-04-11T00:00:00", "id": "USN-1419-1", "href": "https://usn.ubuntu.com/1419-1/", "title": "Puppet vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:57", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1419-1", "modified": "2019-03-13T00:00:00", "published": "2012-04-13T00:00:00", "id": "OPENVAS:1361412562310840981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840981", "title": "Ubuntu Update for puppet USN-1419-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1419_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1419-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1419-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840981\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:33:28 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\",\n \"CVE-2012-1989\");\n script_xref(name:\"USN\", value:\"1419-1\");\n script_name(\"Ubuntu Update for puppet USN-1419-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1419-1\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Puppet used a predictable filename when downloading Mac\n OS X package files. A local attacker could exploit this to overwrite arbitrary\n files. 
(CVE-2012-1906)\n\n It was discovered that Puppet incorrectly handled filebucket retrieval\n requests. A local attacker could exploit this to read arbitrary files.\n (CVE-2012-1986)\n\n It was discovered that Puppet incorrectly handled filebucket store requests. A\n local attacker could exploit this to perform a denial of service via resource\n exhaustion. (CVE-2012-1987)\n\n It was discovered that Puppet incorrectly handled filebucket requests. A local\n attacker could exploit this to execute arbitrary code via a crafted file path.\n (CVE-2012-1988)\n\n It was discovered that Puppet used a predictable filename for the Telnet\n connection log file. A local attacker could exploit this to overwrite arbitrary\n files. This issue only affected Ubuntu 11.10. (CVE-2012-1989)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.1-1ubuntu3.6\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.9\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the 
referenced advisory.", "modified": "2017-04-10T00:00:00", "published": "2012-04-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71278", "id": "OPENVAS:71278", "title": "FreeBSD Ports: puppet", "type": "openvas", "sourceData": "#\n#VID 607d2108-a0e4-423a-bf78-846f2a8f01b0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 607d2108-a0e4-423a-bf78-846f2a8f01b0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: puppet\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://puppetlabs.com/security/cve/cve-2012-1906/\nhttp://puppetlabs.com/security/cve/cve-2012-1986/\nhttp://puppetlabs.com/security/cve/cve-2012-1987/\nhttp://puppetlabs.com/security/cve/cve-2012-1988/\nhttp://puppetlabs.com/security/cve/cve-2012-1989/\nhttp://www.vuxml.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71278);\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 5912 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-10 11:01:51 +0200 (Mon, 10 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: puppet\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"puppet\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7.12_1\")<0) {\n txt += \"Package puppet version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2019-03-14T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071278", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071278", "title": "FreeBSD Ports: puppet", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_puppet.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID 607d2108-a0e4-423a-bf78-846f2a8f01b0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71278\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 14170 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: puppet\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1906/\");\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1986/\");\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1987/\");\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1988/\");\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1989/\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"puppet\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7.12_1\")<0) {\n txt += \"Package puppet version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:20:40", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1419-1", "modified": "2017-12-01T00:00:00", "published": "2012-04-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840981", "id": 
"OPENVAS:840981", "title": "Ubuntu Update for puppet USN-1419-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1419_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for puppet USN-1419-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Puppet used a predictable filename when downloading Mac\n OS X package files. A local attacker could exploit this to overwrite arbitrary\n files. (CVE-2012-1906)\n\n It was discovered that Puppet incorrectly handled filebucket retrieval\n requests. A local attacker could exploit this to read arbitrary files.\n (CVE-2012-1986)\n\n It was discovered that Puppet incorrectly handled filebucket store requests. A\n local attacker could exploit this to perform a denial of service via resource\n exhaustion. (CVE-2012-1987)\n\n It was discovered that Puppet incorrectly handled filebucket requests. 
A local\n attacker could exploit this to execute arbitrary code via a crafted file path.\n (CVE-2012-1988)\n\n It was discovered that Puppet used a predictable filename for the Telnet\n connection log file. A local attacker could exploit this to overwrite arbitrary\n files. This issue only affected Ubuntu 11.10. (CVE-2012-1989)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1419-1\";\ntag_affected = \"puppet on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1419-1/\");\n script_id(840981);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:33:28 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\",\n \"CVE-2012-1989\");\n script_xref(name: \"USN\", value: \"1419-1\");\n script_name(\"Ubuntu Update for puppet USN-1419-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.1-1ubuntu3.6\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.9\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201208-02.", "modified": "2018-10-12T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:136141256231071852", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071852", "title": "Gentoo Security Advisory GLSA 201208-02 (Puppet)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201208_02.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71852\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:52 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201208-02 (Puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All Puppet users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.13'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201208-02\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=410857\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201208-02.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-admin/puppet\", unaffected: make_list(\"ge 2.7.13\"), vulnerable: make_list(\"lt 2.7.13\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:55", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201208-02.", "modified": "2017-07-07T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71852", "id": "OPENVAS:71852", "title": "Gentoo Security Advisory GLSA 201208-02 (Puppet)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# 
Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.\";\ntag_solution = \"All Puppet users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.13'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201208-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=410857\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201208-02.\";\n\n \n \nif(description)\n{\n script_id(71852);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:52 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Gentoo 
Security Advisory GLSA 201208-02 (Puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-admin/puppet\", unaffected: make_list(\"ge 2.7.13\"), vulnerable: make_list(\"lt 2.7.13\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864404", "title": "Fedora Update for puppet FEDORA-2012-6674", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-6674\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:08:13 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-6674\");\n script_name(\"Fedora Update for puppet FEDORA-2012-6674\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.7.13~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:07:04", "bulletinFamily": "scanner", "description": "Check for the Version of puppet", "modified": "2018-01-09T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864404", "id": "OPENVAS:864404", "title": "Fedora Update for puppet FEDORA-2012-6674", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-6674\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 17\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\");\n script_id(864404);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:08:13 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-6674\");\n script_name(\"Fedora Update for puppet FEDORA-2012-6674\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value 
: tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.7.13~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2451-1.", "modified": "2019-03-18T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071255", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071255", "title": "Debian Security Advisory DSA 2451-1 (puppet)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2451_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2451-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71255\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:56:51 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2451-1 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202451-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2012-1906\n\nPuppet is using predictable temporary file names when downloading\nMac OS X package files. This allows a local attacker to either\noverwrite arbitrary files on the system or to install an arbitrary\npackage.\n\nCVE-2012-1986\n\nWhen handling requests for a file from a remote filebucket, puppet\ncan be tricked into overwriting its defined location for filebucket\nstorage. 
This allows an authorized attacker with access to the puppet\nmaster to read arbitrary files.\n\nCVE-2012-1987\n\nPuppet is incorrectly handling filebucket store requests. This allows\nan attacker to perform denial of service attacks against puppet by\nresource exhaustion.\n\nCVE-2012-1988\n\nPuppet is incorrectly handling filebucket requests. This allows an\nattacker with access to the certificate on the agent and an unprivileged\naccount on puppet master to execute arbitrary code via crafted file\npath names and making a filebucket request.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.13-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.13-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to puppet\nannounced via advisory DSA 2451-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"puppet\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2451-1.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71255", "id": "OPENVAS:71255", "title": "Debian Security Advisory DSA 2451-1 (puppet)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2451_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2451-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2012-1906\n\nPuppet is using predictable temporary file names when downloading\nMac OS X package files. This allows a local attacker to either\noverwrite arbitrary files on the system or to install an arbitrary\npackage.\n\nCVE-2012-1986\n\nWhen handling requests for a file from a remote filebucket, puppet\ncan be tricked into overwriting its defined location for filebucket\nstorage. This allows an authorized attacker with access to the puppet\nmaster to read arbitrary files.\n\nCVE-2012-1987\n\nPuppet is incorrectly handling filebucket store requests. This allows\nan attacker to perform denial of service attacks against puppet by\nresource exhaustion.\n\nCVE-2012-1988\n\nPuppet is incorrectly handling filebucket requests. 
This allows an\nattacker with access to the certificate on the agent and an unprivileged\naccount on puppet master to execute arbitrary code via crafted file\npath names and making a filebucket request.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.13-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.13-1.\n\nWe recommend that you upgrade your puppet packages.\";\ntag_summary = \"The remote host is missing an update to puppet\nannounced via advisory DSA 2451-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202451-1\";\n\nif(description)\n{\n script_id(71255);\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:56:51 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2451-1 (puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-01T02:38:17", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities exist in puppet that can result in arbitrary\ncode execution, arbitrary file read access, denial of service, and\narbitrary file write access. Please review the details in each of the\nCVEs for additional information.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_607D2108A0E4423ABF78846F2A8F01B0.NASL", "href": "https://www.tenable.com/plugins/nessus/58670", "published": "2012-04-11T00:00:00", "title": "FreeBSD : puppet -- Multiple Vulnerabilities (607d2108-a0e4-423a-bf78-846f2a8f01b0)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58670);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n\n script_name(english:\"FreeBSD : puppet -- Multiple Vulnerabilities (607d2108-a0e4-423a-bf78-846f2a8f01b0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities exist in puppet that can result in arbitrary\ncode execution, arbitrary file read access, denial of service, and\narbitrary file write access. 
Please review the details in each of the\nCVEs for additional information.\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1906/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1906\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1986/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1986\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1987/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1987\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1988/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1988\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1989/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1989\"\n );\n # https://vuxml.freebsd.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77b95470\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"puppet>2.7.*<2.7.12_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:29", "bulletinFamily": "scanner", "description": "puppet was prone to several security issues", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2012-269.NASL", "href": "https://www.tenable.com/plugins/nessus/74620", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : puppet (openSUSE-SU-2012:0608-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-269.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74620);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2012:0608-1)\");\n script_summary(english:\"Check for the openSUSE-2012-269 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"puppet was prone to several security issues\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"puppet-2.7.6-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"puppet-server-2.7.6-1.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:40:26", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201208-02\n(Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in Puppet:\n Puppet uses predictable file names for temporary files\n (CVE-2012-1906).\n REST requests for a file in a remote filebucket are not handled\n properly by overriding filebucket storage locations (CVE-2012-1986).\n REST requests for a file in a remote 
filebucket are not handled\n properly by reading streams or writing files on the Puppet master", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201208-02.NASL", "href": "https://www.tenable.com/plugins/nessus/61541", "published": "2012-08-15T00:00:00", "title": "GLSA-201208-02 : Puppet: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201208-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61541);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_bugtraq_id(52975);\n script_xref(name:\"GLSA\", value:\"201208-02\");\n\n script_name(english:\"GLSA-201208-02 : Puppet: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201208-02\n(Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in Puppet:\n Puppet uses predictable file names for temporary files\n (CVE-2012-1906).\n REST requests for a file in a remote filebucket are not handled\n properly by overriding filebucket storage locations (CVE-2012-1986).\n REST requests for a file in a remote filebucket are not handled\n properly by reading streams or writing files on the Puppet master's\n file system (CVE-2012-1987).\n 
File name paths are not properly sanitized from bucket requests\n (CVE-2012-1988).\n The Telnet utility in Puppet does not handle temporary files securely\n (CVE-2012-1989).\n \nImpact :\n\n A local attacker with access to agent SSL keys could possibly execute\n arbitrary code with the privileges of the process, cause a Denial of\n Service condition, or perform symlink attacks to overwrite or read\n arbitrary files on the Puppet master.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201208-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Puppet users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.13'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/puppet\", unaffected:make_list(\"ge 2.7.13\"), vulnerable:make_list(\"lt 2.7.13\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Puppet\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:30:36", "bulletinFamily": "scanner", "description": "It was discovered that Puppet used a predictable filename when\ndownloading Mac OS X package files. A local attacker could exploit\nthis to overwrite arbitrary files. (CVE-2012-1906)\n\nIt was discovered that Puppet incorrectly handled filebucket retrieval\nrequests. A local attacker could exploit this to read arbitrary files.\n(CVE-2012-1986)\n\nIt was discovered that Puppet incorrectly handled filebucket store\nrequests. A local attacker could exploit this to perform a denial of\nservice via resource exhaustion. (CVE-2012-1987)\n\nIt was discovered that Puppet incorrectly handled filebucket requests.\nA local attacker could exploit this to execute arbitrary code via a\ncrafted file path. (CVE-2012-1988)\n\nIt was discovered that Puppet used a predictable filename for the\nTelnet connection log file. A local attacker could exploit this to\noverwrite arbitrary files. 
This issue only affected Ubuntu 11.10.\n(CVE-2012-1989).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-1419-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58680", "published": "2012-04-11T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 : puppet vulnerabilities (USN-1419-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1419-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58680);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_xref(name:\"USN\", value:\"1419-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 : puppet vulnerabilities (USN-1419-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Puppet used a predictable filename when\ndownloading Mac OS X package files. A local attacker could exploit\nthis to overwrite arbitrary files. (CVE-2012-1906)\n\nIt was discovered that Puppet incorrectly handled filebucket retrieval\nrequests. A local attacker could exploit this to read arbitrary files.\n(CVE-2012-1986)\n\nIt was discovered that Puppet incorrectly handled filebucket store\nrequests. 
A local attacker could exploit this to perform a denial of\nservice via resource exhaustion. (CVE-2012-1987)\n\nIt was discovered that Puppet incorrectly handled filebucket requests.\nA local attacker could exploit this to execute arbitrary code via a\ncrafted file path. (CVE-2012-1988)\n\nIt was discovered that Puppet used a predictable filename for the\nTelnet connection log file. A local attacker could exploit this to\noverwrite arbitrary files. This issue only affected Ubuntu 11.10.\n(CVE-2012-1989).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1419-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. 
/ NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.7\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"puppet-common\", pkgver:\"2.6.4-2ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"puppet-common\", pkgver:\"2.7.1-1ubuntu3.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:01", "bulletinFamily": "scanner", "description": "With Fedora 17 using ruby-1.9.3, an update to puppet-2.7, which has\nimproved support for ruby-1.9, is required. Note that ruby-1.9 is not\nfully supported in the puppet-2.7 series. 
Where possible, patches from\nthe next upstream release branch will be backported to improve\nruby-1.9 compatibility.\n\nAlso note that there will likely be issues when connecting to a\npuppet-2.6 master. This is unavoidable for the moment. Normally all\nFedora and EPEL branches are kept in sync to avoid this problem. At\nthis time, a decision to move all branches to 2.7 has not been made.\n\nThis update obsoletes puppet-2.6.16, which fixed several security\nissues recently found in puppet related to filebucket functionality.\nFor full details, refer to the upstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2012-6674.NASL", "href": "https://www.tenable.com/plugins/nessus/59000", "published": "2012-05-07T00:00:00", "title": "Fedora 17 : puppet-2.7.13-1.fc17 (2012-6674)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6674.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59000);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_bugtraq_id(52975);\n script_xref(name:\"FEDORA\", value:\"2012-6674\");\n\n script_name(english:\"Fedora 17 : puppet-2.7.13-1.fc17 (2012-6674)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With Fedora 17 using ruby-1.9.3, 
an update to puppet-2.7, which has\nimproved support for ruby-1.9, is required. Note that ruby-1.9 is not\nfully supported in the puppet-2.7 series. Where possible, patches from\nthe next upstream release branch will be backported to improve\nruby-1.9 compatibility.\n\nAlso note that there will likely be issues when connecting to a\npuppet-2.6 master. This is unavoidable for the moment. Normally all\nFedora and EPEL branches are kept in sync to avoid this problem. At\nthis time, a decision to move all branches to 2.7 has not been made.\n\nThis update obsoletes puppet-2.6.16, which fixed several security\nissues recently found in puppet related to filebucket functionality.\nFor full details, refer to the upstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.7.13\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810071\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28868bfb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"puppet-2.7.13-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:01", "bulletinFamily": "scanner", "description": "This update fixes several security issues recently found in puppet\nrelated to filebucket functionality. For full details, refer to the\nupstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2012-5999.NASL", "href": "https://www.tenable.com/plugins/nessus/58909", "published": "2012-04-30T00:00:00", "title": "Fedora 16 : puppet-2.6.16-1.fc16 (2012-5999)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5999.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58909);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_bugtraq_id(52975);\n script_xref(name:\"FEDORA\", value:\"2012-5999\");\n\n script_name(english:\"Fedora 16 : puppet-2.6.16-1.fc16 (2012-5999)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues recently found in puppet\nrelated to filebucket functionality. For full details, refer to the\nupstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810071\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b35c7a5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"puppet-2.6.16-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:01", "bulletinFamily": "scanner", "description": "This update fixes several security issues recently found in puppet\nrelated to filebucket functionality. 
For full details, refer to the\nupstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2012-6055.NASL", "href": "https://www.tenable.com/plugins/nessus/58911", "published": "2012-04-30T00:00:00", "title": "Fedora 15 : puppet-2.6.16-1.fc15 (2012-6055)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6055.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58911);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_bugtraq_id(52975);\n script_xref(name:\"FEDORA\", value:\"2012-6055\");\n\n script_name(english:\"Fedora 15 : puppet-2.6.16-1.fc15 (2012-6055)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues recently found in puppet\nrelated to filebucket functionality. For full details, refer to the\nupstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810071\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad5feabe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"puppet-2.6.16-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:30", "bulletinFamily": "scanner", "description": " - Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054: improper\n privilege dropping and file handling flaws This was done\n by updating to the new version in stable branch. 
The\n stable branch receives only security fixes and this\n update does not provide any new features.\n\n - Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary\n code execution\n\n - Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read\n\n - Fixed bnc#755870 CVE-2012-1987: Denial of Service\n\n - Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2012-369.NASL", "href": "https://www.tenable.com/plugins/nessus/74671", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-369.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74671);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1)\");\n script_summary(english:\"Check for the openSUSE-2012-369 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054: improper\n privilege dropping and file handling flaws This was done\n by updating to the new version in stable branch. 
The\n stable branch receives only security fixes and this\n update does not provide any new features.\n\n - Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary\n code execution\n\n - Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read\n\n - Fixed bnc#755870 CVE-2012-1987: Denial of Service\n\n - Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-2.6.16-4.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-server-2.6.16-4.23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:21:11", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2012-1906\n Puppet is using predictable temporary file names when\n downloading Mac OS X package files. 
This allows a local\n attacker to either overwrite arbitrary files on the\n system or to install an arbitrary package.\n\n - CVE-2012-1986\n When handling requests for a file from a remote\n filebucket, Puppet can be tricked into overwriting its\n defined location for filebucket storage. This allows an\n authorized attacker with access to the Puppet master to\n read arbitrary files.\n\n - CVE-2012-1987\n Puppet is incorrectly handling filebucket store\n requests. This allows an attacker to perform denial of\n service attacks against Puppet by resource exhaustion.\n\n - CVE-2012-1988\n Puppet is incorrectly handling filebucket requests. This\n allows an attacker with access to the certificate on the\n agent and an unprivileged account on Puppet master to\n execute arbitrary code via crafted file path names and\n making a filebucket request.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2451.NASL", "href": "https://www.tenable.com/plugins/nessus/58753", "published": "2012-04-16T00:00:00", "title": "Debian DSA-2451-1 : puppet - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2451. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58753);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_bugtraq_id(52975);\n script_xref(name:\"DSA\", value:\"2451\");\n\n script_name(english:\"Debian DSA-2451-1 : puppet - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2012-1906\n Puppet is using predictable temporary file names when\n downloading Mac OS X package files. This allows a local\n attacker to either overwrite arbitrary files on the\n system or to install an arbitrary package.\n\n - CVE-2012-1986\n When handling requests for a file from a remote\n filebucket, Puppet can be tricked into overwriting its\n defined location for filebucket storage. This allows an\n authorized attacker with access to the Puppet master to\n read arbitrary files.\n\n - CVE-2012-1987\n Puppet is incorrectly handling filebucket store\n requests. This allows an attacker to perform denial of\n service attacks against Puppet by resource exhaustion.\n\n - CVE-2012-1988\n Puppet is incorrectly handling filebucket requests. 
This\n allows an attacker with access to the certificate on the\n agent and an unprivileged account on Puppet master to\n execute arbitrary code via crafted file path names and\n making a filebucket request.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2451\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"puppet\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-common\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-el\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-testsuite\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppetmaster\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vim-puppet\", reference:\"2.6.2-5+squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:13:53", "bulletinFamily": "scanner", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet\nEnterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1\nallows remote authenticated users with an authorized SSL key and\ncertain permissions on the puppet master to read arbitrary files via a\nsymlink attack in conjunction with a crafted REST request for a file\nin a filebucket.", "modified": "2019-11-02T00:00:00", "id": "ALA_ALAS-2012-75.NASL", "href": 
"https://www.tenable.com/plugins/nessus/69682", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : puppet (ALAS-2012-75)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-75.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69682);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-1986\");\n script_xref(name:\"ALAS\", value:\"2012-75\");\n\n script_name(english:\"Amazon Linux AMI : puppet (ALAS-2012-75)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet\nEnterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1\nallows remote authenticated users with an authorized SSL key and\ncertain permissions on the puppet master to read arbitrary files via a\nsymlink attack in conjunction with a crafted REST request for a file\nin a filebucket.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-75.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update puppet' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"puppet-2.6.16-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-debuginfo-2.6.16-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-server-2.6.16-1.6.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-debuginfo / puppet-server\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": 
"2016-09-06T19:46:06", "bulletinFamily": "unix", "description": "### Background\n\nPuppet is a system configuration management tool written in Ruby.\n\n### Description\n\nMultiple vulnerabilities have been found in Puppet:\n\n * Puppet uses predictable file names for temporary files (CVE-2012-1906). \n * REST requests for a file in a remote filebucket are not handled properly by overriding filebucket storage locations (CVE-2012-1986). \n * REST requests for a file in a remote filebucket are not handled properly by reading streams or writing files on the Puppet master's file system (CVE-2012-1987). \n * File name paths are not properly sanitized from bucket requests (CVE-2012-1988). \n * The Telnet utility in Puppet does not handle temporary files securely (CVE-2012-1989). \n\n### Impact\n\nA local attacker with access to agent SSL keys could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or perform symlink attacks to overwrite or read arbitrary files on the Puppet master. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Puppet users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/puppet-2.7.13\"", "modified": "2012-08-14T00:00:00", "published": "2012-08-14T00:00:00", "id": "GLSA-201208-02", "href": "https://security.gentoo.org/glsa/201208-02", "type": "gentoo", "title": "Puppet: Multiple vulnerabilities", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "description": "\n\nMultiple vulnerabilities exist in puppet that can result in\n\t arbitrary code execution, arbitrary file read access, denial of\n\t service, and arbitrary file write access. 
Please review the\n\t details in each of the CVEs for additional information.\n\n", "modified": "2012-03-26T00:00:00", "published": "2012-03-26T00:00:00", "id": "607D2108-A0E4-423A-BF78-846F2A8F01B0", "href": "https://vuxml.freebsd.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html", "title": "puppet -- Multiple Vulnerabilities", "type": "freebsd", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "symantec": [{"lastseen": "2018-03-13T10:05:42", "bulletinFamily": "software", "description": "### Description\n\nMicrosoft Excel is prone to a remote code-execution vulnerability. Attackers could exploit this issue by enticing victims to open a maliciously crafted Excel file. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the application.\n\n### Technologies Affected\n\n * Microsoft Excel 2003 \n * Microsoft Excel 2003 SP1 \n * Microsoft Excel 2003 SP2 \n * Microsoft Excel 2003 SP3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\nThe vendor has released an update. 
Please see the references for details.\n", "modified": "2011-09-13T00:00:00", "published": "2011-09-13T00:00:00", "id": "SMNTC-49476", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/49476", "type": "symantec", "title": "Microsoft Excel Malformed Object CVE-2011-1986 Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:08", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2451-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nApril 13, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2012-1906 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988\n\nSeveral vulnerabilities have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2012-1906\n\n Puppet is using predictable temporary file names when downloading\n Mac OS X package files. This allows a local attacker to either\n overwrite arbitrary files on the system or to install an arbitrary\n package.\n\nCVE-2012-1986\n\n When handling requests for a file from a remote filebucket, puppet\n can be tricked into overwriting its defined location for filebucket\n storage. This allows an authorized attacker with access to the puppet\n master to read arbitrary files.\n\nCVE-2012-1987\n\n Puppet is incorrectly handling filebucket store requests. This allows\n an attacker to perform denial of service attacks against puppet by\n resource exhaustion.\n\nCVE-2012-1988\n\n Puppet is incorrectly handling filebucket requests. 
This allows an\n attacker with access to the certificate on the agent and an unprivileged\n account on puppet master to execute arbitrary code via crafted file\n path names and making a filebucket request.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.13-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.13-1.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-04-13T05:09:12", "published": "2012-04-13T05:09:12", "id": "DEBIAN:DSA-2451-1:E1AA5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00081.html", "title": "[SECURITY] [DSA 2451-1] puppet security update", "type": "debian", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-10-24T22:43:45", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2453-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nApril 16, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gajim\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2012-2093 CVE-2012-2086 CVE-2012-2085\nDebian bug : 668038\n\nSeveral vulnerabilities have been discovered in gajim, a feature-rich\njabber client. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2012-1987\n\n gajim is not properly sanitizing input before passing it to shell\n commands. 
An attacker can use this flaw to execute arbitrary code\n on behalf of the victim if the user e.g. clicks on a specially crafted\n URL in an instant message.\n\nCVE-2012-2093\n\n gajim is using predictable temporary files in an insecure manner when\n converting instant messages containing LaTeX to images. A local\n attacker can use this flaw to conduct symlink attacks and overwrite\n files the victim has write access to.\n\nCVE-2012-2086\n\n gajim is not properly sanitizing input when logging conversations\n which results in the possibility to conduct SQL injection attacks.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.13.4-3+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.15-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.15-1.\n\nWe recommend that you upgrade your gajim packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-04-16T05:42:08", "published": "2012-04-16T05:42:08", "id": "DEBIAN:DSA-2453-1:EF8FE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00083.html", "title": "[SECURITY] [DSA 2453-1] gajim security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:54", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. 
\n\n \n**Affected Packages:** \n\n\npuppet\n\n \n**Issue Correction:** \nRun _yum update puppet_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n puppet-debuginfo-2.6.16-1.6.amzn1.i686 \n puppet-2.6.16-1.6.amzn1.i686 \n puppet-server-2.6.16-1.6.amzn1.i686 \n \n src: \n puppet-2.6.16-1.6.amzn1.src \n \n x86_64: \n puppet-debuginfo-2.6.16-1.6.amzn1.x86_64 \n puppet-2.6.16-1.6.amzn1.x86_64 \n puppet-server-2.6.16-1.6.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:09:00", "published": "2014-09-14T16:09:00", "id": "ALAS-2012-075", "href": "https://alas.aws.amazon.com/ALAS-2012-75.html", "title": "Medium: puppet", "type": "amazon", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "github": [{"lastseen": "2019-11-21T12:51:11", "bulletinFamily": "software", "description": "telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).", "modified": "2019-07-03T21:02:00", "published": "2017-10-24T18:33:38", "id": "GHSA-C5QQ-G673-5P49", "href": "https://github.com/advisories/GHSA-c5qq-g673-5p49", "title": "Low severity vulnerability that affects puppet", "type": "github", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "iDefense Security Advisory 09.13.11\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nSep 13, 2011\r\n\r\nI. BACKGROUND\r\n\r\nExcel is the spreadsheet application included with Microsoft Corp.'s\r\nOffice productivity software suite. More information is available at the\r\nfollowing website:\r\n\r\nhttp://office.microsoft.com/excel/\r\n\r\nII. 
DESCRIPTION\r\n\r\nRemote exploitation of a memory corruption vulnerability in Microsoft\r\nCorp.'s Excel could allow an attacker to execute arbitrary code with the\r\nprivileges of the current user.\r\n\r\nThe vulnerability occurs when Excel parses a certain specially crafted\r\nrecord in an Excel file. An invalid value of the length field in the\r\nrecord header can trigger an error condition and result in using memory\r\ncontent which has already been freed and may allow arbitrary code\r\nexecution.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user opening the file. To exploit this\r\nvulnerability, an attacker needs to convince a user to open a malicious\r\nfile. Attackers typically accomplish this by e-mailing a targeted user\r\nthe file or hosting the file on a Web page.\r\n\r\nIV. DETECTION\r\n\r\nMicrosoft has reported the following products vulnerable:\r\n\r\n * Microsoft Excel 2003 SP 3\r\n * Microsoft Excel 2007 SP 2\r\n * Microsoft Office 2007 SP 2\r\n * Microsoft Excel 2010 (32-bit editions)\r\n * Microsoft Excel 2010 SP 1 (32-bit editions)\r\n * Microsoft Office 2010 and Microsoft Office 2010 SP 1 (32-bit editions)\r\n * Microsoft Excel 2010 (64-bit editions)\r\n * Microsoft Excel 2010 SP 1 (64-bit editions)\r\n * Microsoft Office 2010 and Microsoft Office 2010 SP 1 (64-bit editions)\r\n * Microsoft Office 2004 for Mac\r\n * Microsoft Office 2008 for Mac\r\n * Microsoft Office for Mac 2011\r\n * Open XML File Format Converter for Mac\r\n * Microsoft Excel Viewer SP 2\r\n * Microsoft Office Compatibility Pack for Word, Excel, and\r\nPowerPoint 2007 File Formats SP 2\r\n * Excel Services\r\n * Microsoft Excel Web App 2010 and Microsoft Excel Web App 2010 SP 1\r\n\r\nV. 
WORKAROUND\r\n\r\nMicrosoft suggested workarounds can be found under the Workaround\r\nsection within Microsoft Security Bulletin MS11-072.\r\n\r\nhttp://technet.microsoft.com/en-us/security/bulletin/ms11-072\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nMicrosoft has released fixes which address this issue. Information\r\nabout downloadable vendor updates can be found by clicking on the URLs\r\nshown.\r\n\r\nhttp://technet.microsoft.com/en-us/security/bulletin/ms11-072\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2011-1986 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n02/16/2011 Initial Vendor Notification\r\n02/16/2011 Vendor Reply\r\n09/13/2011 Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThe discoverer of this vulnerability wishes to remain anonymous.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2011 Verisign\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\ne-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "modified": "2011-09-16T00:00:00", "published": "2011-09-16T00:00:00", "id": "SECURITYVULNS:DOC:27016", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27016", "title": "iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "description": "Unescaped shell characters, symbolic links vulnerability, SQL injections.", "modified": "2012-04-19T00:00:00", "published": "2012-04-19T00:00:00", "id": "SECURITYVULNS:VULN:12327", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12327", "title": "gajim jabber client multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2453-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nApril 16, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : gajim\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE IDs : CVE-2012-2093 CVE-2012-2086 CVE-2012-2085\r\nDebian bug : 668038\r\n\r\nSeveral vulnerabilities have been discovered in gajim, a feature-rich\r\njabber client. 
The Common Vulnerabilities and Exposures project\r\nidentifies the following problems:\r\n\r\nCVE-2012-1987\r\n\r\n gajim is not properly sanitizing input before passing it to shell\r\n commands. An attacker can use this flaw to execute arbitrary code\r\n on behalf of the victim if the user e.g. clicks on a specially crafted\r\n URL in an instant message.\r\n\r\nCVE-2012-2093\r\n\r\n gajim is using predictable temporary files in an insecure manner when\r\n converting instant messages containing LaTeX to images. A local\r\n attacker can use this flaw to conduct symlink attacks and overwrite\r\n files the victim has write access to.\r\n\r\nCVE-2012-2086\r\n\r\n gajim is not properly sanitizing input when logging conversations\r\n which results in the possibility to conduct SQL injection attacks.\r\n\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 0.13.4-3+squeeze2.\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 0.15-1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.15-1.\r\n\r\nWe recommend that you upgrade your gajim packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk+LrNsACgkQHYflSXNkfP9GKACcDu4Zrmtq5e24RIxQMO2Mt/1J\r\nxxUAn2EN1XxsdvduTN4i/hHzyNpPCEqY\r\n=bkGL\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-04-19T00:00:00", "published": "2012-04-19T00:00:00", "id": "SECURITYVULNS:DOC:27926", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27926", "title": "[SECURITY] [DSA 2453-1] gajim security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "Multiple Excel memory corruptions, Word uninitialized pointer dereference, unsafe DLL loading.", "modified": "2011-09-20T00:00:00", "published": "2011-09-20T00:00:00", "id": "SECURITYVULNS:VULN:11909", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11909", "title": "Microsoft Office multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mskb": [{"lastseen": "2019-09-11T12:35:33", "bulletinFamily": "microsoft", "description": "<html><body><p>Resolves security vulnerabilities in Microsoft Excel that could allow arbitrary code to run when a maliciously modified file is opened.</p><h2>Introduction</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS11-072. To view the complete security bulletin, visit one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201109.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201109.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms11-072.mspx\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/ms11-072.mspx</a></div></li></ul><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" 
target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></span></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">More information about this security update</h3><h4 class=\"sbody-h4\">Known issues and additional information about this security update</h4>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link. <br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2553073\" id=\"kb-link-8\">2553073 </a> MS11-072: Description of the security update for Excel 2007: September 13, 2011<br/><br/>The following is the known issue in security update 2553073. For more information about this known issue, see security update 2553073.<ul class=\"sbody-free_list\"><li>Microsoft Update or Windows Update may offer this update even though you do not have Microsoft Office Excel 2007 installed.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553072\" id=\"kb-link-9\">2553072 </a> MS11-072: Description of the security update for Excel 2003: September 13, 2011<br/><br/>The following is the known issue in security update 2553072. 
For more information about this known issue, see security update 2553072.<ul class=\"sbody-free_list\"><li>Microsoft Update or Windows Update may offer this update even though you do not have Microsoft Office Excel 2003 installed.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553074\" id=\"kb-link-10\">2553074 </a> MS11-072: Description of the security update for the 2007 Office system and the Office Compatibility Pack: September 13, 2011<br/><br/>The following is the known issue in security update 2553074. For more information about this known issue, see security update 2553074.<ul class=\"sbody-free_list\"><li>Microsoft Update or Windows Update may offer this update even though you do not have the 2007 Microsoft Office system or the Microsoft Office Compatibility Pack installed.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553075\" id=\"kb-link-11\">2553075 </a> MS11-072: Description of the security update for Excel Viewer: September 13, 2011</li><li><a href=\"https://support.microsoft.com/en-us/help/2553091\" id=\"kb-link-12\">2553091 </a> MS11-072: Description of the security update for Office 2010 (Oart.dll): September 13, 2011</li><li><a href=\"https://support.microsoft.com/en-us/help/2553096\" id=\"kb-link-13\">2553096 </a> MS11-072: Description of the security update for Office 2010 (Oartconv.dll): September 13, 2011</li><li><a href=\"https://support.microsoft.com/en-us/help/2553089\" id=\"kb-link-14\">2553089 </a> MS11-072: Description of the security update for the 2007 Office system (Oart.dll): September 13, 2011<br/><br/>The following is the known issue in security update 2553089. 
For more information about this known issue, see security update 2553089.<ul class=\"sbody-free_list\"><li>Microsoft Update or Windows Update may offer this update even though you do not have the 2007 Microsoft Office system installed.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553090\" id=\"kb-link-15\">2553090 </a> MS11-072: Description of the security update for the 2007 Office system (Oartconv.dll): September 13, 2011<br/><br/>The following is the known issue in security update 2553090. For more information about this known issue, see security update 2553090.<ul class=\"sbody-free_list\"><li>Microsoft Update or Windows Update may offer this update even though you do not have the 2007 Microsoft Office system installed.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553094\" id=\"kb-link-16\">2553094 </a> MS11-072: Description of the security update for Excel Services in SharePoint Server 2010: September 13, 2011<br/><br/>The following is the known issue in security update 2553094. 
For more information about this known issue, see security update 2553094.<ul class=\"sbody-free_list\"><li>This security update is listed incorrectly in the <span class=\"text-base\"><strong class=\"uiterm\">Add or Remove Programs</strong></span> item or the <strong class=\"uiterm\">Programs and Features</strong> item in Control Panel.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553093\" id=\"kb-link-17\">2553093 </a> MS11-072: Description of the security update for Excel Services in SharePoint Server 2007: September 13, 2011</li><li><a href=\"https://support.microsoft.com/en-us/help/2553095\" id=\"kb-link-18\">2553095 </a> MS11-072: Description of the security update for Office Online 2010: September 13, 2011</li><li><a href=\"https://support.microsoft.com/en-us/help/2598783\" id=\"kb-link-19\">2598783 </a> MS11-072: Description of the Microsoft Office for Mac 2011 14.1.3 Update: September 13, 2011</li><li><a href=\"https://support.microsoft.com/en-us/help/2598781\" id=\"kb-link-20\">2598781 </a> MS11-072: Description of the Microsoft Office 2008 for Mac 12.3.1 Update: September 13, 2011</li><li><a href=\"https://support.microsoft.com/en-us/help/2598782\" id=\"kb-link-21\">2598782 </a> MS11-072: Description of the security update for Office 2004 for Mac: September 13, 2011</li><li><a href=\"https://support.microsoft.com/en-us/help/2598785\" id=\"kb-link-22\">2598785 </a> MS11-072: Description of the Open XML File Format Converter for Mac 1.2.1: September 13, 2011</li></ul></div></body></html>", "modified": "2014-04-17T09:06:13", "id": "KB2587505", "href": "https://support.microsoft.com/en-us/help/2587505/", "published": "2017-01-07T21:16:01", "title": "MS11-072: Vulnerabilities in Microsoft Excel could allow remote code execution: September 13, 2011", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}