DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:864193", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for puppet FEDORA-2012-6055", "description": "Check for the Version of puppet", "published": "2012-04-30T00:00:00", "modified": "2018-01-09T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=864193", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012-6055", "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html"], "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2012-1988", "CVE-2011-3869", "CVE-2012-1986", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872", "CVE-2012-1987"], "lastseen": "2018-01-11T11:06:24", "viewCount": 3, "enchantments": {"score": {"value": 0.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2011-011", "ALAS-2012-053", "ALAS-2012-075"]}, {"type": "cve", "idList": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"]}, {"type": "debian", "idList": ["DEBIAN:BSA-050:58D2F", "DEBIAN:BSA-051:C9465", "DEBIAN:BSA-055:FE09A", "DEBIAN:BSA-065:5B213", "DEBIAN:DSA-2314-1:D9918", "DEBIAN:DSA-2352-1:916A3", "DEBIAN:DSA-2419-1:38FC3", "DEBIAN:DSA-2451-1:E1AA5", "DEBIAN:DSA-2453-1:EF8FE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-3848", "DEBIANCVE:CVE-2011-3869", "DEBIANCVE:CVE-2011-3870", "DEBIANCVE:CVE-2011-3871", "DEBIANCVE:CVE-2011-3872", "DEBIANCVE:CVE-2012-1053", "DEBIANCVE:CVE-2012-1054", "DEBIANCVE:CVE-2012-1986", "DEBIANCVE:CVE-2012-1987", "DEBIANCVE:CVE-2012-1988"]}, {"type": "fedora", "idList": ["FEDORA:00E5A20DCF", "FEDORA:110DC20B57", "FEDORA:1154121A6D", "FEDORA:11B7221073", "FEDORA:3152C2118A", "FEDORA:4A70620A7E", "FEDORA:58CEE21357", "FEDORA:6EB1C20F73", "FEDORA:767F321514", "FEDORA:9A826216D3", "FEDORA:A65602162C", "FEDORA:C3C3E2140B", "FEDORA:E05C621363"]}, {"type": "freebsd", "idList": ["607D2108-A0E4-423A-BF78-846F2A8F01B0"]}, {"type": "gentoo", "idList": ["GLSA-201203-03", "GLSA-201208-02"]}, {"type": "nessus", "idList": ["ALA_ALAS-2011-11.NASL", "ALA_ALAS-2012-53.NASL", "ALA_ALAS-2012-75.NASL", "DEBIAN_DSA-2314.NASL", "DEBIAN_DSA-2352.NASL", "DEBIAN_DSA-2419.NASL", "DEBIAN_DSA-2451.NASL", "DEBIAN_DSA-2453.NASL", "FEDORA_2011-13623.NASL", "FEDORA_2011-13633.NASL", "FEDORA_2011-13636.NASL", "FEDORA_2011-14880.NASL", "FEDORA_2011-14994.NASL", "FEDORA_2011-15000.NASL", "FEDORA_2012-2325.NASL", "FEDORA_2012-2367.NASL", "FEDORA_2012-2415.NASL", "FEDORA_2012-5999.NASL", "FEDORA_2012-6055.NASL", "FEDORA_2012-6674.NASL", "FREEBSD_PKG_607D2108A0E4423ABF78846F2A8F01B0.NASL", "GENTOO_GLSA-201203-03.NASL", "GENTOO_GLSA-201208-02.NASL", "OPENSUSE-2012-269.NASL", "OPENSUSE-2012-369.NASL", "SUSE_11_3_PUPPET-111005.NASL", "SUSE_11_3_PUPPET-111110.NASL", "SUSE_11_4_PUPPET-111005.NASL", "SUSE_11_4_PUPPET-111110.NASL", "SUSE_11_PUPPET-111111.NASL", "SUSE_11_PUPPET-120224.NASL", "SUSE_11_PUPPET-120411.NASL", "UBUNTU_USN-1217-1.NASL", "UBUNTU_USN-1223-1.NASL", "UBUNTU_USN-1223-2.NASL", "UBUNTU_USN-1238-1.NASL", "UBUNTU_USN-1372-1.NASL", "UBUNTU_USN-1419-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120145", "OPENVAS:1361412562310120414", "OPENVAS:1361412562310120501", "OPENVAS:136141256231070403", "OPENVAS:136141256231070566", "OPENVAS:136141256231071147", "OPENVAS:136141256231071187", "OPENVAS:136141256231071255", "OPENVAS:136141256231071257", "OPENVAS:136141256231071278", "OPENVAS:136141256231071852", "OPENVAS:1361412562310840757", "OPENVAS:1361412562310840763", "OPENVAS:1361412562310840766", "OPENVAS:1361412562310840783", "OPENVAS:1361412562310840784", "OPENVAS:1361412562310840907", "OPENVAS:1361412562310840981", "OPENVAS:1361412562310863586", "OPENVAS:1361412562310863587", "OPENVAS:1361412562310863628", "OPENVAS:1361412562310863634", "OPENVAS:1361412562310863765", "OPENVAS:1361412562310863778", "OPENVAS:1361412562310863896", "OPENVAS:1361412562310863950", "OPENVAS:1361412562310864185", "OPENVAS:1361412562310864193", "OPENVAS:1361412562310864404", "OPENVAS:1361412562310864430", "OPENVAS:1361412562310864568", "OPENVAS:70403", "OPENVAS:70566", "OPENVAS:71147", "OPENVAS:71187", "OPENVAS:71255", "OPENVAS:71257", "OPENVAS:71278", "OPENVAS:71852", "OPENVAS:840757", "OPENVAS:840763", "OPENVAS:840766", "OPENVAS:840783", "OPENVAS:840784", "OPENVAS:840907", "OPENVAS:840981", "OPENVAS:863586", "OPENVAS:863587", "OPENVAS:863628", "OPENVAS:863634", "OPENVAS:863765", "OPENVAS:863778", "OPENVAS:863896", "OPENVAS:863950", "OPENVAS:864185", "OPENVAS:864404", "OPENVAS:864430", "OPENVAS:864568"]}, {"type": "osv", "idList": ["OSV:DSA-2314-1", "OSV:DSA-2352-1", "OSV:DSA-2419-1", "OSV:DSA-2451-1", "OSV:DSA-2453-1", "OSV:DSA-2453-2"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27090", "SECURITYVULNS:DOC:27360", "SECURITYVULNS:DOC:27729", "SECURITYVULNS:DOC:27926", "SECURITYVULNS:VULN:11934", "SECURITYVULNS:VULN:12237", "SECURITYVULNS:VULN:12327"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0325-1"]}, {"type": "ubuntu", "idList": ["USN-1217-1", "USN-1223-1", "USN-1223-2", "USN-1238-1", "USN-1372-1", "USN-1419-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-3848", "UB:CVE-2011-3869", "UB:CVE-2011-3870", "UB:CVE-2011-3871", "UB:CVE-2011-3872", "UB:CVE-2012-1053", "UB:CVE-2012-1054", "UB:CVE-2012-1986", "UB:CVE-2012-1987", "UB:CVE-2012-1988"]}]}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2012-053"]}, {"type": "cve", "idList": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"]}, {"type": "debian", "idList": ["DEBIAN:BSA-065:5B213"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-3848"]}, {"type": "fedora", "idList": ["FEDORA:E05C621363"]}, {"type": "freebsd", "idList": ["607D2108-A0E4-423A-BF78-846F2A8F01B0"]}, {"type": "gentoo", "idList": ["GLSA-201203-03"]}, {"type": "nessus", "idList": ["ALA_ALAS-2012-75.NASL", "UBUNTU_USN-1223-1.NASL", "UBUNTU_USN-1238-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231071852", "OPENVAS:1361412562310864568", "OPENVAS:840763", "OPENVAS:863950"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27360"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0325-1"]}, {"type": "ubuntu", "idList": ["USN-1238-1", "USN-1419-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-1988"]}]}, "exploitation": null, "vulnersScore": 0.1}, "pluginID": "864193", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-6055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 15\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\");\n script_id(864193);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:08:13 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\",\n \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-6055\");\n script_name(\"Fedora Update for puppet FEDORA-2012-6055\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.16~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1659837467}, "_internal": {"score_hash": "b9055d579380f50991f1a88070d5abb8"}}

{"fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-04-27T06:05:30", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: puppet-2.6.16-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2012-04-27T06:05:30", "id": "FEDORA:110DC20B57", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6NY6HN6AW45M3ALEWMFLCG7KL7A35SBY/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-03-10T21:53:21", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: puppet-2.6.14-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-10T21:53:21", "id": "FEDORA:3152C2118A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RUEAPOAHIVJVCVF7GBZZN2FSR2CBTARW/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-04-27T05:51:26", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: puppet-2.6.16-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2012-04-27T05:51:26", "id": "FEDORA:4A70620A7E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WJTOZSJCSDYJMDQJ5RNC2DGU6MBWX46U/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-11-19T06:01:24", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: puppet-2.6.12-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2011-11-19T06:01:24", "id": "FEDORA:6EB1C20F73", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P7VCYKXRQZJ7DXKPZ77TVEI7HCJSH6BT/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-11-19T06:08:55", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: puppet-2.6.12-1.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2011-11-19T06:08:55", "id": "FEDORA:C3C3E2140B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V2UYFECCSHO3HRJ4YFNDNMQ7HTMTJZVR/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-10-15T20:25:52", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: puppet-2.6.6-3.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-15T20:25:52", "id": "FEDORA:767F321514", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YRK3PQ5BXSW7JNKPP5BOMWGSE26SYHYO/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-10-15T20:28:07", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: puppet-2.6.6-3.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-15T20:28:07", "id": "FEDORA:9A826216D3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6WF4GSHWNCAIQUAXLYOXHJ7NLYNXEETN/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-05-06T04:52:47", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: puppet-2.7.13-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2012-05-06T04:52:47", "id": "FEDORA:00E5A20DCF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DJMB3GDPLJFOWPRRWBBXXTYM5SA6UP5T/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-07-28T01:17:34", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: puppet-2.6.17-2.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-3864", "CVE-2012-3865", "CVE-2012-3866", "CVE-2012-3867"], "modified": "2012-07-28T01:17:34", "id": "FEDORA:A65602162C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FCQBXXHOJ66W235QJU5HUXOTTE7BVINK/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-10-16T00:58:38", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: puppet-2.6.6-3.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-16T00:58:38", "id": "FEDORA:1154121A6D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6DSIQPXFPNILNJYQL36XCJ5GUMBVSXZA/", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-03-10T21:52:57", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: puppet-2.6.14-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-10T21:52:57", "id": "FEDORA:58CEE21357", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SEJOR5NDMWK3Z7OGKISZN26HFBQTJDEK/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2012-03-11T17:02:10", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: puppet-2.6.14-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-11T17:02:10", "id": "FEDORA:E05C621363", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BYOHTWPO7S6QFGC7XNO3PBOPQWWWFACU/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "cvss3": {}, "published": "2011-11-19T05:58:17", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: puppet-2.6.12-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872"], "modified": "2011-11-19T05:58:17", "id": "FEDORA:11B7221073", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4F7IPH44AOVTM624LOUMVOWSUVMWTLAJ/", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-6055", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2012-1988", "CVE-2011-3869", "CVE-2012-1986", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872", "CVE-2012-1987"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864193", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864193", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-6055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864193\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:08:13 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\",\n \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-6055\");\n script_name(\"Fedora Update for puppet FEDORA-2012-6055\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.16~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:56:52", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-2367", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2011-3869", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:863765", "href": "http://plugins.openvas.org/nasl.php?oid=863765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2367\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 15\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075036.html\");\n script_id(863765);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 12:41:11 +0530 (Mon, 12 Mar 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2011-3872\", \"CVE-2011-3869\",\n \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-2367\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2367\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-2367", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2011-3869", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863765", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2367\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075036.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863765\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 12:41:11 +0530 (Mon, 12 Mar 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2011-3872\", \"CVE-2011-3869\",\n \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-2367\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2367\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:32", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-5999", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1054", "CVE-2011-3872", "CVE-2012-1987"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:864185", "href": "http://plugins.openvas.org/nasl.php?oid=864185", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-5999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 16\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\");\n script_id(864185);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:07:55 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-5999\");\n script_name(\"Fedora Update for puppet FEDORA-2012-5999\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.16~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-5999", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1054", "CVE-2011-3872", "CVE-2012-1987"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864185", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864185", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-5999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864185\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:07:55 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-5999\");\n script_name(\"Fedora Update for puppet FEDORA-2012-5999\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.16~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-14994", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848", "CVE-2011-3872"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-14994\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069454.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863628\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:34:47 +0530 (Mon, 21 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-14994\");\n script_cve_id(\"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-14994\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:47", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2011-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-15000", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848", "CVE-2011-3872"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863634", "href": "http://plugins.openvas.org/nasl.php?oid=863634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-15000\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 14\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069488.html\");\n script_id(863634);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:35:10 +0530 (Mon, 21 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-15000\");\n script_cve_id(\"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-15000\");\n\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:53", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2011-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-14994", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848", "CVE-2011-3872"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863628", "href": "http://plugins.openvas.org/nasl.php?oid=863628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-14994\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 15\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069454.html\");\n script_id(863628);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:34:47 +0530 (Mon, 21 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-14994\");\n script_cve_id(\"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-14994\");\n\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-15000", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848", "CVE-2011-3872"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863634", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-15000\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069488.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863634\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-21 09:35:10 +0530 (Mon, 21 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-15000\");\n script_cve_id(\"CVE-2011-3872\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-15000\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:13", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-03.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-03 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2011-3869", "CVE-2009-3564", "CVE-2010-0156", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71187", "href": "http://plugins.openvas.org/nasl.php?oid=71187", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in Puppet, the worst of\n which might allow local attackers to gain escalated privileges.\";\ntag_solution = \"All Puppet users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.11'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=303729\nhttp://bugs.gentoo.org/show_bug.cgi?id=308031\nhttp://bugs.gentoo.org/show_bug.cgi?id=384859\nhttp://bugs.gentoo.org/show_bug.cgi?id=385149\nhttp://bugs.gentoo.org/show_bug.cgi?id=388161\nhttp://bugs.gentoo.org/show_bug.cgi?id=403963\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-03.\";\n\n \n \nif(description)\n{\n script_id(71187);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3564\", \"CVE-2010-0156\", \"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\", \"CVE-2012-1053\", \"CVE-2012-1054\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-03 (puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-admin/puppet\", unaffected: make_list(\"ge 2.7.11\"), vulnerable: make_list(\"lt 2.7.11\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-03.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201203-03 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2012-1053", "CVE-2011-3869", "CVE-2009-3564", "CVE-2010-0156", "CVE-2011-3848", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071187", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071187", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201203_03.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71187\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3564\", \"CVE-2010-0156\", \"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\", \"CVE-2012-1053\", \"CVE-2012-1054\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-03 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in Puppet, the worst of\n which might allow local attackers to gain escalated privileges.\");\n script_tag(name:\"solution\", value:\"All Puppet users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.11'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-03\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=303729\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=308031\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=384859\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=385149\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=388161\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=403963\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-03.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-admin/puppet\", unaffected: make_list(\"ge 2.7.11\"), vulnerable: make_list(\"lt 2.7.11\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:24", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2314-1.", "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2314-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70403", "href": "http://plugins.openvas.org/nasl.php?oid=70403", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2314_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2314-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security issues have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2011-3848\n\nKristian Erik Hermansen reported that an unauthenticated\ndirectory traversal could drop any valid X.509 Certificate Signing\nRequest at any location on disk, with the privileges of the Puppet\nMaster application.\n\nCVE-2011-3870\n\nRicky Zhou discovered a potential local privilege escalation in the\nssh_authorized_keys resource and theoretically in the Solaris and\nAIX providers, where file ownership was given away before it was\nwritten, leading to a possibility for a user to overwrite arbitrary\nfiles as root, if their authorized_keys file was managed.\n\nCVE-2011-3869\n\nA predictable file name in the k5login type leads to the possibility\nof symlink attacks which would allow the owner of the home directory\nto symlink to anything on the system, and have it replaced with the\ncorrect content of the file, which can lead to a privilege escalation\non puppet runs.\n\nCVE-2011-3871\n\nA potential local privilege escalation was found in the --edit mode\nof 'puppet resource' due to a persistent, predictable file name,\nwhich can result in editing an arbitrary target file, and thus be\nbe tricked into running that arbitrary file as the invoking\nuser. This command is most commonly run as root, this leads to a\npotential privilege escalation.\n\n\nAdditionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.\n\n\nFor the oldstable distribution (lenny), this problem will be fixed soon.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\n\nFor the testing distribution (wheezy), this has been fixed in\nversion 2.7.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.\n\nWe recommend that you upgrade your puppet packages.\";\ntag_summary = \"The remote host is missing an update to puppet\nannounced via advisory DSA 2314-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202314-1\";\n\n\nif(description)\n{\n script_id(70403);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-16 23:01:53 +0200 (Sun, 16 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\");\n script_name(\"Debian Security Advisory DSA 2314-1 (puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.3-3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2314-1.", "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2314-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070403", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070403", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2314_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2314-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70403\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-16 23:01:53 +0200 (Sun, 16 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\");\n script_name(\"Debian Security Advisory DSA 2314-1 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202314-1\");\n script_tag(name:\"insight\", value:\"Multiple security issues have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2011-3848\n\nKristian Erik Hermansen reported that an unauthenticated\ndirectory traversal could drop any valid X.509 Certificate Signing\nRequest at any location on disk, with the privileges of the Puppet\nMaster application.\n\nCVE-2011-3870\n\nRicky Zhou discovered a potential local privilege escalation in the\nssh_authorized_keys resource and theoretically in the Solaris and\nAIX providers, where file ownership was given away before it was\nwritten, leading to a possibility for a user to overwrite arbitrary\nfiles as root, if their authorized_keys file was managed.\n\nCVE-2011-3869\n\nA predictable file name in the k5login type leads to the possibility\nof symlink attacks which would allow the owner of the home directory\nto symlink to anything on the system, and have it replaced with the\ncorrect content of the file, which can lead to a privilege escalation\non puppet runs.\n\nCVE-2011-3871\n\nA potential local privilege escalation was found in the --edit mode\nof 'puppet resource' due to a persistent, predictable file name,\nwhich can result in editing an arbitrary target file, and thus be\nbe tricked into running that arbitrary file as the invoking\nuser. This command is most commonly run as root, this leads to a\npotential privilege escalation.\n\n\nAdditionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.\n\n\nFor the oldstable distribution (lenny), this problem will be fixed soon.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\n\nFor the testing distribution (wheezy), this has been fixed in\nversion 2.7.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to puppet\nannounced via advisory DSA 2314-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.3-3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:24", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13633", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863586", "href": "http://plugins.openvas.org/nasl.php?oid=863586", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13633\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 14\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html\");\n script_id(863586);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-13633\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13633\");\n\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13633", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863586", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13633\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863586\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-13633\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13633\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863587", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863587\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_xref(name:\"FEDORA\", value:\"2011-13636\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13636\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:27", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863587", "href": "http://plugins.openvas.org/nasl.php?oid=863587", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13636\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 15\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html\");\n script_id(863587);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_xref(name: \"FEDORA\", value: \"2011-13636\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\", \"CVE-2011-3848\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13636\");\n\n script_summary(\"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:04", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-6674", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1987"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864404", "href": "http://plugins.openvas.org/nasl.php?oid=864404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-6674\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 17\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\");\n script_id(864404);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:08:13 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-6674\");\n script_name(\"Fedora Update for puppet FEDORA-2012-6674\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.7.13~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-6674", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1987"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-6674\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:08:13 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-6674\");\n script_name(\"Fedora Update for puppet FEDORA-2012-6674\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.7.13~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:07:15", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-10897", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3867", "CVE-2012-1053", "CVE-2012-1988", "CVE-2012-3866", "CVE-2012-1986", "CVE-2012-1054", "CVE-2011-3872", "CVE-2012-3864", "CVE-2012-1987", "CVE-2012-3865"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864568", "href": "http://plugins.openvas.org/nasl.php?oid=864568", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-10897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 16\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084309.html\");\n script_id(864568);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 11:17:43 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-3866\", \"CVE-2012-3864\", \"CVE-2012-3865\", \"CVE-2012-3867\",\n \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-10897\");\n script_name(\"Fedora Update for puppet FEDORA-2012-10897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.17~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-10897", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3867", "CVE-2012-1053", "CVE-2012-1988", "CVE-2012-3866", "CVE-2012-1986", "CVE-2012-1054", "CVE-2011-3872", "CVE-2012-3864", "CVE-2012-1987", "CVE-2012-3865"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864568", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864568", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-10897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084309.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864568\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 11:17:43 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-3866\", \"CVE-2012-3864\", \"CVE-2012-3865\", \"CVE-2012-3867\",\n \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1053\",\n \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-10897\");\n script_name(\"Fedora Update for puppet FEDORA-2012-10897\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.17~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:04:21", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2011-11)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120501", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120501\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 11:27:12 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2011-11)\");\n script_tag(name:\"insight\", value:\"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.\");\n script_tag(name:\"solution\", value:\"Run yum update puppet to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2011-11.html\");\n script_cve_id(\"CVE-2011-3871\", \"CVE-2011-3870\", \"CVE-2011-3869\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"puppet-server\", rpm:\"puppet-server~2.6.6~3.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"puppet-debuginfo\", rpm:\"puppet-debuginfo~2.6.6~3.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:41", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1223-1", "cvss3": {}, "published": "2011-10-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1223-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840763", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1223_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1223-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1223-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840763\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-04 16:55:13 +0200 (Tue, 04 Oct 2011)\");\n script_xref(name:\"USN\", value:\"1223-1\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_name(\"Ubuntu Update for puppet USN-1223-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1223-1\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Puppet unsafely opened files when the k5login type\n is used to manage files. A local attacker could exploit this to overwrite\n arbitrary files which could be used to escalate privileges. (CVE-2011-3869)\n\n Ricky Zhou discovered that Puppet did not drop privileges when creating\n SSH authorized_keys files. A local attacker could exploit this to overwrite\n arbitrary files as root. (CVE-2011-3870)\n\n It was discovered that Puppet used a predictable filename when using the --edit resource.\n A local attacker could exploit this to edit arbitrary files or run arbitrary code as the\n user invoking the program, typically root. (CVE-2011-3871)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1223-2", "cvss3": {}, "published": "2011-10-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1223-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840766", "href": "http://plugins.openvas.org/nasl.php?oid=840766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1223_2.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for puppet USN-1223-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on\n Ubuntu 10.04 LTS that caused permission denied errors when managing SSH\n authorized_keys files with Puppet. This update fixes the problem.\n\n We apologize for the inconvenience.\n \n Original advisory details:\n \n It was discovered that Puppet unsafely opened files when the k5login type\n is used to manage files. A local attacker could exploit this to overwrite\n arbitrary files which could be used to escalate privileges. (CVE-2011-3869)\n \n Ricky Zhou discovered that Puppet did not drop privileges when creating\n SSH authorized_keys files. A local attacker could exploit this to overwrite\n arbitrary files as root. (CVE-2011-3870)\n \n It was discovered that Puppet used a predictable filename when using the\n --edit resource. A local attacker could exploit this to edit arbitrary\n files or run arbitrary code as the user invoking the program, typically\n root. (CVE-2011-3871)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1223-2\";\ntag_affected = \"puppet on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1223-2/\");\n script_id(840766);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)\");\n script_xref(name: \"USN\", value: \"1223-2\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_name(\"Ubuntu Update for puppet USN-1223-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:26:27", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1223-1", "cvss3": {}, "published": "2011-10-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1223-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840763", "href": "http://plugins.openvas.org/nasl.php?oid=840763", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1223_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for puppet USN-1223-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Puppet unsafely opened files when the k5login type\n is used to manage files. A local attacker could exploit this to overwrite\n arbitrary files which could be used to escalate privileges. (CVE-2011-3869)\n\n Ricky Zhou discovered that Puppet did not drop privileges when creating\n SSH authorized_keys files. A local attacker could exploit this to overwrite\n arbitrary files as root. (CVE-2011-3870)\n \n It was discovered that Puppet used a predictable filename when using the\n --edit resource. A local attacker could exploit this to edit arbitrary\n files or run arbitrary code as the user invoking the program, typically\n root. (CVE-2011-3871)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1223-1\";\ntag_affected = \"puppet on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1223-1/\");\n script_id(840763);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-04 16:55:13 +0200 (Tue, 04 Oct 2011)\");\n script_xref(name: \"USN\", value: \"1223-1\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_name(\"Ubuntu Update for puppet USN-1223-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:30", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13623", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:863950", "href": "http://plugins.openvas.org/nasl.php?oid=863950", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13623\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 16\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html\");\n script_id(863950);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:37:57 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-13623\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13623\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:44", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1223-2", "cvss3": {}, "published": "2011-10-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1223-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840766", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1223_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1223-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1223-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840766\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)\");\n script_xref(name:\"USN\", value:\"1223-2\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_name(\"Ubuntu Update for puppet USN-1223-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1223-2\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on\n Ubuntu 10.04 LTS that caused permission denied errors when managing SSH\n authorized_keys files with Puppet. This update fixes the problem.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n It was discovered that Puppet unsafely opened files when the k5login type\n is used to manage files. A local attacker could exploit this to overwrite\n arbitrary files which could be used to escalate privileges. (CVE-2011-3869)\n\n Ricky Zhou discovered that Puppet did not drop privileges when creating\n SSH authorized_keys files. A local attacker could exploit this to overwrite\n arbitrary files as root. (CVE-2011-3870)\n\n It was discovered that Puppet used a predictable filename when using the --edit resource.\n A local attacker could exploit this to edit arbitrary files or run arbitrary code as the\n user invoking the program, typically root. (CVE-2011-3871)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-13623", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863950", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863950", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-13623\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863950\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:37:57 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3870\", \"CVE-2011-3869\", \"CVE-2011-3871\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-13623\");\n script_name(\"Fedora Update for puppet FEDORA-2011-13623\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.6~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2018-01-08T12:58:18", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-2415", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:863896", "href": "http://plugins.openvas.org/nasl.php?oid=863896", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2415\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 16\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075035.html\");\n script_id(863896);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:30:32 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-2415\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2415\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-2415", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054", "CVE-2011-3872"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863896", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2415\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075035.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863896\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:30:32 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-2415\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2415\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:27", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2451-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2451-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1987"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71255", "href": "http://plugins.openvas.org/nasl.php?oid=71255", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2451_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2451-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2012-1906\n\nPuppet is using predictable temporary file names when downloading\nMac OS X package files. This allows a local attacker to either\noverwrite arbitrary files on the system or to install an arbitrary\npackage.\n\nCVE-2012-1986\n\nWhen handling requests for a file from a remote filebucket, puppet\ncan be tricked into overwriting its defined location for filebucket\nstorage. This allows an authorized attacker with access to the puppet\nmaster to read arbitrary files.\n\nCVE-2012-1987\n\nPuppet is incorrectly handling filebucket store requests. This allows\nan attacker to perform denial of service attacks against puppet by\nresource exhaustion.\n\nCVE-2012-1988\n\nPuppet is incorrectly handling filebucket requests. This allows an\nattacker with access to the certificate on the agent and an unprivileged\naccount on puppet master to execute arbitrary code via crafted file\npath names and making a filebucket request.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.13-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.13-1.\n\nWe recommend that you upgrade your puppet packages.\";\ntag_summary = \"The remote host is missing an update to puppet\nannounced via advisory DSA 2451-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202451-1\";\n\nif(description)\n{\n script_id(71255);\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:56:51 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2451-1 (puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.13-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:34", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2451-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2451-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1987"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071255", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071255", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2451_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2451-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71255\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:56:51 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2451-1 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202451-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2012-1906\n\nPuppet is using predictable temporary file names when downloading\nMac OS X package files. This allows a local attacker to either\noverwrite arbitrary files on the system or to install an arbitrary\npackage.\n\nCVE-2012-1986\n\nWhen handling requests for a file from a remote filebucket, puppet\ncan be tricked into overwriting its defined location for filebucket\nstorage. This allows an authorized attacker with access to the puppet\nmaster to read arbitrary files.\n\nCVE-2012-1987\n\nPuppet is incorrectly handling filebucket store requests. This allows\nan attacker to perform denial of service attacks against puppet by\nresource exhaustion.\n\nCVE-2012-1988\n\nPuppet is incorrectly handling filebucket requests. This allows an\nattacker with access to the certificate on the agent and an unprivileged\naccount on puppet master to execute arbitrary code via crafted file\npath names and making a filebucket request.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.13-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.13-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to puppet\nannounced via advisory DSA 2451-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.13-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:30", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: puppet", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1989", "CVE-2012-1987"], "modified": "2017-04-10T00:00:00", "id": "OPENVAS:71278", "href": "http://plugins.openvas.org/nasl.php?oid=71278", "sourceData": "#\n#VID 607d2108-a0e4-423a-bf78-846f2a8f01b0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 607d2108-a0e4-423a-bf78-846f2a8f01b0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: puppet\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://puppetlabs.com/security/cve/cve-2012-1906/\nhttp://puppetlabs.com/security/cve/cve-2012-1986/\nhttp://puppetlabs.com/security/cve/cve-2012-1987/\nhttp://puppetlabs.com/security/cve/cve-2012-1988/\nhttp://puppetlabs.com/security/cve/cve-2012-1989/\nhttp://www.vuxml.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71278);\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 5912 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-10 11:01:51 +0200 (Mon, 10 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: puppet\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"puppet\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7.12_1\")<0) {\n txt += \"Package puppet version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:55", "description": "The remote host is missing updates announced in\nadvisory GLSA 201208-02.", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201208-02 (Puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1989", "CVE-2012-1987"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71852", "href": "http://plugins.openvas.org/nasl.php?oid=71852", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.\";\ntag_solution = \"All Puppet users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.13'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201208-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=410857\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201208-02.\";\n\n \n \nif(description)\n{\n script_id(71852);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:52 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201208-02 (Puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-admin/puppet\", unaffected: make_list(\"ge 2.7.13\"), vulnerable: make_list(\"lt 2.7.13\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:20:40", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1419-1", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1419-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1989", "CVE-2012-1987"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840981", "href": "http://plugins.openvas.org/nasl.php?oid=840981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1419_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for puppet USN-1419-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Puppet used a predictable filename when downloading Mac\n OS X package files. A local attacker could exploit this to overwrite arbitrary\n files. (CVE-2012-1906)\n\n It was discovered that Puppet incorrectly handled filebucket retrieval\n requests. A local attacker could exploit this to read arbitrary files.\n (CVE-2012-1986)\n\n It was discovered that Puppet incorrectly handled filebucket store requests. A\n local attacker could exploit this to perform a denial of service via resource\n exhaustion. (CVE-2012-1987)\n\n It was discovered that Puppet incorrectly handled filebucket requests. A local\n attacker could exploit this to execute arbitrary code via a crafted file path.\n (CVE-2012-1988)\n\n It was discovered that Puppet used a predictable filename for the Telnet\n connection log file. A local attacker could exploit this to overwrite arbitrary\n files. This issue only affected Ubuntu 11.10. (CVE-2012-1989)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1419-1\";\ntag_affected = \"puppet on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1419-1/\");\n script_id(840981);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:33:28 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\",\n \"CVE-2012-1989\");\n script_xref(name: \"USN\", value: \"1419-1\");\n script_name(\"Ubuntu Update for puppet USN-1419-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.1-1ubuntu3.6\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.9\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:57", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1419-1", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1419-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1989", "CVE-2012-1987"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1419_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1419-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1419-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840981\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:33:28 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\",\n \"CVE-2012-1989\");\n script_xref(name:\"USN\", value:\"1419-1\");\n script_name(\"Ubuntu Update for puppet USN-1419-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1419-1\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Puppet used a predictable filename when downloading Mac\n OS X package files. A local attacker could exploit this to overwrite arbitrary\n files. (CVE-2012-1906)\n\n It was discovered that Puppet incorrectly handled filebucket retrieval\n requests. A local attacker could exploit this to read arbitrary files.\n (CVE-2012-1986)\n\n It was discovered that Puppet incorrectly handled filebucket store requests. A\n local attacker could exploit this to perform a denial of service via resource\n exhaustion. (CVE-2012-1987)\n\n It was discovered that Puppet incorrectly handled filebucket requests. A local\n attacker could exploit this to execute arbitrary code via a crafted file path.\n (CVE-2012-1988)\n\n It was discovered that Puppet used a predictable filename for the Telnet\n connection log file. A local attacker could exploit this to overwrite arbitrary\n files. This issue only affected Ubuntu 11.10. (CVE-2012-1989)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.1-1ubuntu3.6\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.9\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:03", "description": "The remote host is missing updates announced in\nadvisory GLSA 201208-02.", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201208-02 (Puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1989", "CVE-2012-1987"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071852", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071852", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201208_02.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71852\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:52 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201208-02 (Puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All Puppet users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.13'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201208-02\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=410857\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201208-02.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-admin/puppet\", unaffected: make_list(\"ge 2.7.13\"), vulnerable: make_list(\"lt 2.7.13\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:20", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: puppet", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1988", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1989", "CVE-2012-1987"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:136141256231071278", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071278", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_puppet.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID 607d2108-a0e4-423a-bf78-846f2a8f01b0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71278\");\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 14170 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: puppet\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1906/\");\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1986/\");\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1987/\");\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1988/\");\n script_xref(name:\"URL\", value:\"http://puppetlabs.com/security/cve/cve-2012-1989/\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"puppet\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7.12_1\")<0) {\n txt += \"Package puppet version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:21:01", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1372-1", "cvss3": {}, "published": "2012-03-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1372-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840907", "href": "http://plugins.openvas.org/nasl.php?oid=840907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1372_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for puppet USN-1372-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Puppet did not drop privileges when executing\n commands as different users. If an attacker had control of the execution\n manifests or the executed command, this could be used to execute code with\n elevated group permissions (typically root). (CVE-2012-1053)\n\n It was discovered that Puppet unsafely opened files when the k5login type\n is used to manage files. A local attacker could exploit this to overwrite\n arbitrary files and escalate privileges. (CVE-2012-1054)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1372-1\";\ntag_affected = \"puppet on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1372-1/\");\n script_id(840907);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 18:56:11 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name: \"USN\", value: \"1372-1\");\n script_name(\"Ubuntu Update for puppet USN-1372-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.8\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:01", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-2325", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:864430", "href": "http://plugins.openvas.org/nasl.php?oid=864430", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2325\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 17\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075087.html\");\n script_id(864430);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:30 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-2325\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2325\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:49", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2419-1.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2419-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71147", "href": "http://plugins.openvas.org/nasl.php?oid=71147", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2419_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2419-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\nCVE-2012-1053\nPuppet runs execs with an unintended group privileges,\npotentially leading to privilege escalation.\n\nCVE-2012-1054\nThe k5login type writes to untrusted locations,\nenabling local users to escalate their privileges\nif the k5login type is used.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.\n\nWe recommend that you upgrade your puppet packages.\";\ntag_summary = \"The remote host is missing an update to puppet\nannounced via advisory DSA 2419-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202419-1\";\n\nif(description)\n{\n script_id(71147);\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:32:34 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Debian Security Advisory DSA 2419-1 (puppet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.11-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:33", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1372-1", "cvss3": {}, "published": "2012-03-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1372-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1372_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1372-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1372-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840907\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 18:56:11 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"USN\", value:\"1372-1\");\n script_name(\"Ubuntu Update for puppet USN-1372-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1372-1\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Puppet did not drop privileges when executing\n commands as different users. If an attacker had control of the execution\n manifests or the executed command, this could be used to execute code with\n elevated group permissions (typically root). (CVE-2012-1053)\n\n It was discovered that Puppet unsafely opened files when the k5login type\n is used to manage files. A local attacker could exploit this to overwrite\n arbitrary files and escalate privileges. (CVE-2012-1054)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.8\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2419-1.", "cvss3": {}, "published": "2012-03-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2419-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071147", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071147", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2419_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2419-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71147\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:32:34 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Debian Security Advisory DSA 2419-1 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202419-1\");\n script_tag(name:\"insight\", value:\"Two vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\nCVE-2012-1053\nPuppet runs execs with an unintended group privileges,\npotentially leading to privilege escalation.\n\nCVE-2012-1054\nThe k5login type writes to untrusted locations,\nenabling local users to escalate their privileges\nif the k5login type is used.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to puppet\nannounced via advisory DSA 2419-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.11-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2012-2325", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864430", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2012-2325\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075087.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864430\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:30 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-2325\");\n script_name(\"Fedora Update for puppet FEDORA-2012-2325\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:03:23", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-53)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120414", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120414\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:25:51 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-53)\");\n script_tag(name:\"insight\", value:\"Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.\");\n script_tag(name:\"solution\", value:\"Run yum update puppet to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-53.html\");\n script_cve_id(\"CVE-2012-1054\", \"CVE-2012-1053\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"puppet-server\", rpm:\"puppet-server~2.6.14~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.14~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"puppet-debuginfo\", rpm:\"puppet-debuginfo~2.6.14~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:03:38", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-75)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1986"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120145", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120145\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:33 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-75)\");\n script_tag(name:\"insight\", value:\"Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.\");\n script_tag(name:\"solution\", value:\"Run yum update puppet to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-75.html\");\n script_cve_id(\"CVE-2012-1986\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"puppet-debuginfo\", rpm:\"puppet-debuginfo~2.6.16~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.16~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"puppet-server\", rpm:\"puppet-server~2.6.16~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:50:32", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2352-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2352-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70566", "href": "http://plugins.openvas.org/nasl.php?oid=70566", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2352_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2352-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Puppet, a centralized configuration management\nsolution, misgenerated certificates if the certdnsnames option was\nused. This could lead to man in the middle attacks. More details are\navailable at http://puppetlabs.com/security/cve/cve-2011-3872/\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.24.5-3+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.6-1.\n\nWe recommend that you upgrade your puppet packages.\";\ntag_summary = \"The remote host is missing an update to puppet\nannounced via advisory DSA 2352-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202352-1\";\n\nif(description)\n{\n script_id(70566);\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3872\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:31:41 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2352-1 (puppet)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"0.24.5-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"0.24.5-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:33", "description": "Check for the Version of puppet", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-14880", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:863778", "href": "http://plugins.openvas.org/nasl.php?oid=863778", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-14880\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"puppet on Fedora 16\";\ntag_insight = \"Puppet lets you centrally manage every important aspect of your system using a\n cross-platform specification language that manages all the separate elements\n normally aggregated in different files, like users, cron jobs, and hosts,\n along with obviously discrete elements like packages, services, and files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069440.html\");\n script_id(863778);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:15:11 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-14880\");\n script_name(\"Fedora Update for puppet FEDORA-2011-14880\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of puppet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:49", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1238-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1238-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840783", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840783", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1238_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1238-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1238-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840783\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1238-1\");\n script_cve_id(\"CVE-2011-3872\");\n script_name(\"Ubuntu Update for puppet USN-1238-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1238-1\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Puppet incorrectly handled the non-default\n 'certdnsnames' option when generating certificates. If this setting was\n added to puppet.conf, the puppet master's DNS alt names were added to the\n X.509 Subject Alternative Name field of all certificates, not just the\n puppet master's certificate. An attacker that has an incorrect agent\n certificate in his possession can use it to impersonate the puppet master\n in a man-in-the-middle attack.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2011-14880", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863778", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863778", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2011-14880\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069440.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863778\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:15:11 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-14880\");\n script_name(\"Fedora Update for puppet FEDORA-2011-14880\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~2.6.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-04T11:27:25", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1238-2", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1238-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840784", "href": "http://plugins.openvas.org/nasl.php?oid=840784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1238_2.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for puppet USN-1238-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a\n regression in Ubuntu 11.04 when executing certain commands. This update\n fixes the problem.\n\n We apologize for the inconvenience.\n \n Original advisory details:\n \n It was discovered that Puppet incorrectly handled the non-default\n &quot;certdnsnames&quot; option when generating certificates. If this setting was\n added to puppet.conf, the puppet master&#8217;s DNS alt names were added to the\n X.509 Subject Alternative Name field of all certificates, not just the\n puppet master&#8217;s certificate. An attacker that has an incorrect agent\n certificate in his possession can use it to impersonate the puppet master\n in a man-in-the-middle attack.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1238-2\";\ntag_affected = \"puppet on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1238-2/\");\n script_id(840784);\n script_cve_id(\"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_xref(name: \"USN\", value: \"1238-2\");\n script_name(\"Ubuntu Update for puppet USN-1238-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:26:31", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1238-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1238-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840783", "href": "http://plugins.openvas.org/nasl.php?oid=840783", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1238_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for puppet USN-1238-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Puppet incorrectly handled the non-default\n &quot;certdnsnames&quot; option when generating certificates. If this setting was\n added to puppet.conf, the puppet master&#8217;s DNS alt names were added to the\n X.509 Subject Alternative Name field of all certificates, not just the\n puppet master&#8217;s certificate. An attacker that has an incorrect agent\n certificate in his possession can use it to impersonate the puppet master\n in a man-in-the-middle attack.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1238-1\";\ntag_affected = \"puppet on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1238-1/\");\n script_id(840783);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1238-1\");\n script_cve_id(\"CVE-2011-3872\");\n script_name(\"Ubuntu Update for puppet USN-1238-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:27", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1238-2", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1238-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1238_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1238-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1238-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840784\");\n script_cve_id(\"CVE-2011-3872\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_xref(name:\"USN\", value:\"1238-2\");\n script_name(\"Ubuntu Update for puppet USN-1238-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1238-2\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a\n regression in Ubuntu 11.04 when executing certain commands. This update\n fixes the problem.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n It was discovered that Puppet incorrectly handled the non-default\n 'certdnsnames' option when generating certificates. If this setting was\n added to puppet.conf, the puppet master's DNS alt names were added to the\n X.509 Subject Alternative Name field of all certificates, not just the\n puppet master's certificate. An attacker that has an incorrect agent\n certificate in his possession can use it to impersonate the puppet master\n in a man-in-the-middle attack.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.6\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:41", "description": "The remote host is missing an update to puppet\nannounced via advisory DSA 2352-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2352-1 (puppet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070566", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070566", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2352_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2352-1 (puppet)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70566\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3872\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:31:41 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2352-1 (puppet)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202352-1\");\n script_tag(name:\"insight\", value:\"It was discovered that Puppet, a centralized configuration management\nsolution, misgenerated certificates if the certdnsnames option was\nused. This could lead to man in the middle attacks.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.24.5-3+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.6-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to puppet\nannounced via advisory DSA 2352-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"0.24.5-3+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"0.24.5-3+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.6.2-5+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-04T11:27:13", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1217-1", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1217-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840757", "href": "http://plugins.openvas.org/nasl.php?oid=840757", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1217_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for puppet USN-1217-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kristian Erik Hermansen discovered a directory traversal vulnerability in\n the SSLFile indirection base class. A remote attacker could exploit this to\n overwrite files with the privileges of the Puppet Master.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1217-1\";\ntag_affected = \"puppet on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1217-1/\");\n script_id(840757);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_xref(name: \"USN\", value: \"1217-1\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3848\");\n script_name(\"Ubuntu Update for puppet USN-1217-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:04", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1217-1", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for puppet USN-1217-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840757", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840757", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1217_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for puppet USN-1217-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1217-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840757\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)\");\n script_xref(name:\"USN\", value:\"1217-1\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3848\");\n script_name(\"Ubuntu Update for puppet USN-1217-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1217-1\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Kristian Erik Hermansen discovered a directory traversal vulnerability in\n the SSLFile indirection base class. A remote attacker could exploit this to\n overwrite files with the privileges of the Puppet Master.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.1-0ubuntu2.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"0.25.4-2ubuntu6.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.6.4-2ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:51:07", "description": "The remote host is missing an update to gajim\nannounced via advisory DSA 2453-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2453-1 (gajim)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2093", "CVE-2012-1987", "CVE-2012-2085", "CVE-2012-2086"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71257", "href": "http://plugins.openvas.org/nasl.php?oid=71257", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2453_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2453-1 (gajim)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in gajim, a feature-rich\njabber client. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2012-1987\n\ngajim is not properly sanitizing input before passing it to shell\ncommands. An attacker can use this flaw to execute arbitrary code\non behalf of the victim if the user e.g. clicks on a specially crafted\nURL in an instant message.\n\nCVE-2012-2093\n\ngajim is using predictable temporary files in an insecure manner when\nconverting instant messages containing LaTeX to images. A local\nattacker can use this flaw to conduct symlink attacks and overwrite\nfiles the victim has write access to.\n\nCVE-2012-2086\n\ngajim is not properly sanitizing input when logging conversations\nwhich results in the possibility to conduct SQL injection attacks.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.13.4-3+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.15-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.15-1.\n\nWe recommend that you upgrade your gajim packages.\";\ntag_summary = \"The remote host is missing an update to gajim\nannounced via advisory DSA 2453-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202453-1\";\n\nif(description)\n{\n script_id(71257);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2093\", \"CVE-2012-2086\", \"CVE-2012-2085\", \"CVE-2012-1987\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:57:35 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2453-1 (gajim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"gajim\", ver:\"0.13.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gajim\", ver:\"0.15-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing an update to gajim\nannounced via advisory DSA 2453-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2453-1 (gajim)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2093", "CVE-2012-1987", "CVE-2012-2085", "CVE-2012-2086"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071257", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071257", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2453_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2453-1 (gajim)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2093\", \"CVE-2012-2086\", \"CVE-2012-2085\", \"CVE-2012-1987\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:57:35 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2453-1 (gajim)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202453-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in gajim, a feature-rich\njabber client. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2012-1987\n\ngajim is not properly sanitizing input before passing it to shell\ncommands. An attacker can use this flaw to execute arbitrary code\non behalf of the victim if the user e.g. clicks on a specially crafted\nURL in an instant message.\n\nCVE-2012-2093\n\ngajim is using predictable temporary files in an insecure manner when\nconverting instant messages containing LaTeX to images. A local\nattacker can use this flaw to conduct symlink attacks and overwrite\nfiles the victim has write access to.\n\nCVE-2012-2086\n\ngajim is not properly sanitizing input when logging conversations\nwhich results in the possibility to conduct SQL injection attacks.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.13.4-3+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.15-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.15-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your gajim packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to gajim\nannounced via advisory DSA 2453-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"gajim\", ver:\"0.13.4-3+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gajim\", ver:\"0.15-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:49:53", "description": "Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks (CVE-2011-3872). \n\nNote: If you've set the 'certdnsnames' option in your master's puppet.conf file merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents.\n\nPlease refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for detailed instructions and scripts. \n\nPuppetlabs' site also provides more information:\nhttp://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announcement-altnames-vu lnerability/\n\n--\n\nDirectory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848)\n\nPuppet was prone to several symlink attacks (CVE-2011-3870, CVE-2011-3869, CVE-2011-3871)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_PUPPET-111110.NASL", "href": "https://www.tenable.com/plugins/nessus/75715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update puppet-5403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75715);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)\");\n script_summary(english:\"Check for the puppet-5403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet's certificate authority issued Puppet agent certificates\ncapable of impersonating the Puppet master. Compromised or rogue\npuppet agents could therefore use their certificates for MITM attacks\n(CVE-2011-3872). \n\nNote: If you've set the 'certdnsnames' option in your master's\npuppet.conf file merely installing the updated packages is not\nsufficient to fix this problem. You need to either pick a new DNS name\nfor the master and reconfigure all agents to use it or re-new\ncertificates on all agents.\n\nPlease refer to the documentation in\n/usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for\ndetailed instructions and scripts. \n\nPuppetlabs' site also provides more information:\nhttp://puppetlabs.com/security/cve/cve-2011-3872/faq/\nhttp://puppetlabs.com/blog/important-security-announcement-altnames-vu\nlnerability/\n\n--\n\nDirectory traversal vulnerability in puppet allowed unauthenticated\nremote attackers to upload x.509 certificate signing requests to\narbitrary locations (CVE-2011-3848)\n\nPuppet was prone to several symlink attacks (CVE-2011-3870,\nCVE-2011-3869, CVE-2011-3871)\"\n );\n # http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c17e853\"\n );\n # http://puppetlabs.com/security/cve/cve-2011-3872/faq/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2011-3872/faq\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"puppet-0.25.4-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"puppet-server-0.25.4-4.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:31", "description": "Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks (CVE-2011-3872). \n\nNote: If you've set the 'certdnsnames' option in your master's puppet.conf file merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents.\n\nPlease refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for detailed instructions and scripts. \n\nPuppetlabs' site also provides more information:\nhttp://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announcement-altnames-vu lnerability/\n\n--\n\nDirectory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848)\n\nPuppet was prone to several symlink attacks (CVE-2011-3870, CVE-2011-3869, CVE-2011-3871)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_PUPPET-111110.NASL", "href": "https://www.tenable.com/plugins/nessus/75999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update puppet-5403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75999);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)\");\n script_summary(english:\"Check for the puppet-5403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet's certificate authority issued Puppet agent certificates\ncapable of impersonating the Puppet master. Compromised or rogue\npuppet agents could therefore use their certificates for MITM attacks\n(CVE-2011-3872). \n\nNote: If you've set the 'certdnsnames' option in your master's\npuppet.conf file merely installing the updated packages is not\nsufficient to fix this problem. You need to either pick a new DNS name\nfor the master and reconfigure all agents to use it or re-new\ncertificates on all agents.\n\nPlease refer to the documentation in\n/usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for\ndetailed instructions and scripts. \n\nPuppetlabs' site also provides more information:\nhttp://puppetlabs.com/security/cve/cve-2011-3872/faq/\nhttp://puppetlabs.com/blog/important-security-announcement-altnames-vu\nlnerability/\n\n--\n\nDirectory traversal vulnerability in puppet allowed unauthenticated\nremote attackers to upload x.509 certificate signing requests to\narbitrary locations (CVE-2011-3848)\n\nPuppet was prone to several symlink attacks (CVE-2011-3870,\nCVE-2011-3869, CVE-2011-3871)\"\n );\n # http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c17e853\"\n );\n # http://puppetlabs.com/security/cve/cve-2011-3872/faq/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2011-3872/faq\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-2.6.4-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-server-2.6.4-4.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:23", "description": "The following security issues have been fixed :\n\n - Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master.\n Compromised or rogue puppet agents could therefore use their certificates for MITM attacks. (CVE-2011-3872)\n\n Note: If you've set the 'certdnsnames' option in your master's puppet.conf file merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents.\n\n Please refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.\n 0.5 for detailed instructions and scripts.\n\n Puppetlabs' site also provides more information:\n http://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announceme nt-altnames-vulnerability/\n\n - Directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations.\n (CVE-2011-3848)\n\n - Puppet was prone to several symlink attacks (CVE-2011-3870 / CVE-2011-3869 / CVE-2011-3871)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : puppet (SAT Patch Number 5421)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:puppet", "p-cpe:/a:novell:suse_linux:11:puppet-server", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PUPPET-111111.NASL", "href": "https://www.tenable.com/plugins/nessus/57129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57129);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\");\n\n script_name(english:\"SuSE 11.1 Security Update : puppet (SAT Patch Number 5421)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues have been fixed :\n\n - Puppet's certificate authority issued Puppet agent\n certificates capable of impersonating the Puppet master.\n Compromised or rogue puppet agents could therefore use\n their certificates for MITM attacks. (CVE-2011-3872)\n\n Note: If you've set the 'certdnsnames' option in your\n master's puppet.conf file merely installing the updated\n packages is not sufficient to fix this problem. You need\n to either pick a new DNS name for the master and\n reconfigure all agents to use it or re-new certificates\n on all agents.\n\n Please refer to the documentation in\n /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.\n 0.5 for detailed instructions and scripts.\n\n Puppetlabs' site also provides more information:\n http://puppetlabs.com/security/cve/cve-2011-3872/faq/\n http://puppetlabs.com/blog/important-security-announceme\n nt-altnames-vulnerability/\n\n - Directory traversal vulnerability in puppet allowed\n unauthenticated remote attackers to upload x.509\n certificate signing requests to arbitrary locations.\n (CVE-2011-3848)\n\n - Puppet was prone to several symlink attacks\n (CVE-2011-3870 / CVE-2011-3869 / CVE-2011-3871)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3870.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3872.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5421.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"puppet-2.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"puppet-2.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-2.6.12-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-server-2.6.12-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:56", "description": "The remote host is affected by the vulnerability described in GLSA-201203-03 (Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A local attacker could gain elevated privileges, or access and modify arbitrary files. Furthermore, a remote attacker may be able to spoof a Puppet Master or write X.509 Certificate Signing Requests to arbitrary locations.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-06T00:00:00", "type": "nessus", "title": "GLSA-201203-03 : Puppet: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3564", "CVE-2010-0156", "CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:puppet", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201203-03.NASL", "href": "https://www.tenable.com/plugins/nessus/58213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58213);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3564\", \"CVE-2010-0156\", \"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\", \"CVE-2011-3872\", \"CVE-2012-1053\", \"CVE-2012-1054\");\n script_bugtraq_id(36628, 38474, 49860, 49909, 50356, 52158);\n script_xref(name:\"GLSA\", value:\"201203-03\");\n\n script_name(english:\"GLSA-201203-03 : Puppet: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-03\n(Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Puppet. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker could gain elevated privileges, or access and modify\n arbitrary files. Furthermore, a remote attacker may be able to spoof a\n Puppet Master or write X.509 Certificate Signing Requests to arbitrary\n locations.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Puppet users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.11'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/puppet\", unaffected:make_list(\"ge 2.7.11\"), vulnerable:make_list(\"lt 2.7.11\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:26", "description": "- Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054: improper privilege dropping and file handling flaws This was done by updating to the new version in stable branch. The stable branch receives only security fixes and this update does not provide any new features.\n\n - Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary code execution\n\n - Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read\n\n - Fixed bnc#755870 CVE-2012-1987: Denial of Service\n\n - Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.4"], "id": "OPENSUSE-2012-369.NASL", "href": "https://www.tenable.com/plugins/nessus/74671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-369.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74671);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1)\");\n script_summary(english:\"Check for the openSUSE-2012-369 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054: improper\n privilege dropping and file handling flaws This was done\n by updating to the new version in stable branch. The\n stable branch receives only security fixes and this\n update does not provide any new features.\n\n - Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary\n code execution\n\n - Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read\n\n - Fixed bnc#755870 CVE-2012-1987: Denial of Service\n\n - Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-2.6.16-4.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-server-2.6.16-4.23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:50", "description": "Multiple security issues have been discovered in Puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X.509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.\n\n - CVE-2011-3870 Ricky Zhou discovered a potential local privilege escalation in the ssh_authorized_keys resource and theoretically in the Solaris and AIX providers, where file ownership was given away before it was written, leading to a possibility for a user to overwrite arbitrary files as root, if their authorized_keys file was managed.\n\n - CVE-2011-3869 A predictable file name in the k5login type leads to the possibility of symlink attacks which would allow the owner of the home directory to symlink to anything on the system, and have it replaced with the'correct' content of the file, which can lead to a privilege escalation on puppet runs.\n\n - CVE-2011-3871 A potential local privilege escalation was found in the\n --edit mode of 'puppet resource' due to a persistent, predictable file name, which can result in editing an arbitrary target file, and thus be be tricked into running that arbitrary file as the invoking user. This command is most commonly run as root, this leads to a potential privilege escalation.\n\nAdditionally, this update hardens the indirector file backed terminus base class against injection attacks based on trusted path names.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-04T00:00:00", "type": "nessus", "title": "Debian DSA-2314-1 : puppet - multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puppet", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/56381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2314. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56381);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3848\", \"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_bugtraq_id(49860, 49909);\n script_xref(name:\"DSA\", value:\"2314\");\n\n script_name(english:\"Debian DSA-2314-1 : puppet - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2011-3848\n Kristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509\n Certificate Signing Request at any location on disk,\n with the privileges of the Puppet Master application.\n\n - CVE-2011-3870\n Ricky Zhou discovered a potential local privilege\n escalation in the ssh_authorized_keys resource and\n theoretically in the Solaris and AIX providers, where\n file ownership was given away before it was written,\n leading to a possibility for a user to overwrite\n arbitrary files as root, if their authorized_keys file\n was managed.\n\n - CVE-2011-3869\n A predictable file name in the k5login type leads to the\n possibility of symlink attacks which would allow the\n owner of the home directory to symlink to anything on\n the system, and have it replaced with the'correct'\n content of the file, which can lead to a privilege\n escalation on puppet runs.\n\n - CVE-2011-3871\n A potential local privilege escalation was found in the\n --edit mode of 'puppet resource' due to a persistent,\n predictable file name, which can result in editing an\n arbitrary target file, and thus be be tricked into\n running that arbitrary file as the invoking user. This\n command is most commonly run as root, this leads to a\n potential privilege escalation.\n\nAdditionally, this update hardens the indirector file backed terminus\nbase class against injection attacks based on trusted path names.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2314\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the oldstable distribution (lenny), this problem will be fixed\nsoon.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"puppet\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-common\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-el\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-testsuite\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppetmaster\", reference:\"2.6.2-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vim-puppet\", reference:\"2.6.2-5+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:24", "description": "This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-30T00:00:00", "type": "nessus", "title": "Fedora 15 : puppet-2.6.16-1.fc15 (2012-6055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-6055.NASL", "href": "https://www.tenable.com/plugins/nessus/58911", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6055.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58911);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_bugtraq_id(52975);\n script_xref(name:\"FEDORA\", value:\"2012-6055\");\n\n script_name(english:\"Fedora 15 : puppet-2.6.16-1.fc15 (2012-6055)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues recently found in puppet\nrelated to filebucket functionality. For full details, refer to the\nupstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810071\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad5feabe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"puppet-2.6.16-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:30", "description": "This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-30T00:00:00", "type": "nessus", "title": "Fedora 16 : puppet-2.6.16-1.fc16 (2012-5999)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-5999.NASL", "href": "https://www.tenable.com/plugins/nessus/58909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5999.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58909);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_bugtraq_id(52975);\n script_xref(name:\"FEDORA\", value:\"2012-5999\");\n\n script_name(english:\"Fedora 16 : puppet-2.6.16-1.fc16 (2012-5999)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues recently found in puppet\nrelated to filebucket functionality. For full details, refer to the\nupstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810071\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b35c7a5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"puppet-2.6.16-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:24", "description": "With Fedora 17 using ruby-1.9.3, an update to puppet-2.7, which has improved support for ruby-1.9, is required. Note that ruby-1.9 is not fully supported in the puppet-2.7 series. Where possible, patches from the next upstream release branch will be backported to improve ruby-1.9 compatibility.\n\nAlso note that there will likely be issues when connecting to a puppet-2.6 master. This is unavoidable for the moment. Normally all Fedora and EPEL branches are kept in sync to avoid this problem. At this time, a decision to move all branches to 2.7 has not been made.\n\nThis update obsoletes puppet-2.6.16, which fixed several security issues recently found in puppet related to filebucket functionality.\nFor full details, refer to the upstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-07T00:00:00", "type": "nessus", "title": "Fedora 17 : puppet-2.7.13-1.fc17 (2012-6674)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-6674.NASL", "href": "https://www.tenable.com/plugins/nessus/59000", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6674.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59000);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_bugtraq_id(52975);\n script_xref(name:\"FEDORA\", value:\"2012-6674\");\n\n script_name(english:\"Fedora 17 : puppet-2.7.13-1.fc17 (2012-6674)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With Fedora 17 using ruby-1.9.3, an update to puppet-2.7, which has\nimproved support for ruby-1.9, is required. Note that ruby-1.9 is not\nfully supported in the puppet-2.7 series. Where possible, patches from\nthe next upstream release branch will be backported to improve\nruby-1.9 compatibility.\n\nAlso note that there will likely be issues when connecting to a\npuppet-2.6 master. This is unavoidable for the moment. Normally all\nFedora and EPEL branches are kept in sync to avoid this problem. At\nthis time, a decision to move all branches to 2.7 has not been made.\n\nThis update obsoletes puppet-2.6.16, which fixed several security\nissues recently found in puppet related to filebucket functionality.\nFor full details, refer to the upstream release notes :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.7.13\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810071\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28868bfb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"puppet-2.7.13-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:37", "description": "The following vulnerabilities have been discovered and fixed :\n\n - CVE-2011-3870, a symlink attack via a user's SSH authorized_keys file\n\n - CVE-2011-3869, a symlink attack via a user's .k5login file\n\n - CVE-2011-3871, a privilege escalation attack via the temp file used by the puppet resource application\n\n - A low-risk file indirector injection attack\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-announce/browse_thread/thread/91 e3b46d2328a1cb A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-17T00:00:00", "type": "nessus", "title": "Fedora 14 : puppet-2.6.6-3.fc14 (2011-13633)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-13633.NASL", "href": "https://www.tenable.com/plugins/nessus/56516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13633.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56516);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_xref(name:\"FEDORA\", value:\"2011-13633\");\n\n script_name(english:\"Fedora 14 : puppet-2.6.6-3.fc14 (2011-13633)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been discovered and fixed :\n\n - CVE-2011-3870, a symlink attack via a user's SSH\n authorized_keys file\n\n - CVE-2011-3869, a symlink attack via a user's .k5login\n file\n\n - CVE-2011-3871, a privilege escalation attack via the\n temp file used by the puppet resource application\n\n - A low-risk file indirector injection attack\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-announce/browse_thread/thread/91\ne3b46d2328a1cb A vulnerability was discovered in puppet that would\nallow an attacker to install a valid X509 Certificate Signing Request\nat any location on disk, with the privileges of the Puppet Master\napplication. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56b35af7\"\n );\n # http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b2f8e47\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77854d50\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"puppet-2.6.6-3.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:41", "description": "The following vulnerabilities have been discovered and fixed :\n\n - CVE-2011-3870, a symlink attack via a user's SSH authorized_keys file\n\n - CVE-2011-3869, a symlink attack via a user's .k5login file\n\n - CVE-2011-3871, a privilege escalation attack via the temp file used by the puppet resource application\n\n - A low-risk file indirector injection attack\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-announce/browse_thread/thread/91 e3b46d2328a1cb A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-17T00:00:00", "type": "nessus", "title": "Fedora 15 : puppet-2.6.6-3.fc15 (2011-13636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-13636.NASL", "href": "https://www.tenable.com/plugins/nessus/56517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13636.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56517);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_xref(name:\"FEDORA\", value:\"2011-13636\");\n\n script_name(english:\"Fedora 15 : puppet-2.6.6-3.fc15 (2011-13636)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been discovered and fixed :\n\n - CVE-2011-3870, a symlink attack via a user's SSH\n authorized_keys file\n\n - CVE-2011-3869, a symlink attack via a user's .k5login\n file\n\n - CVE-2011-3871, a privilege escalation attack via the\n temp file used by the puppet resource application\n\n - A low-risk file indirector injection attack\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-announce/browse_thread/thread/91\ne3b46d2328a1cb A vulnerability was discovered in puppet that would\nallow an attacker to install a valid X509 Certificate Signing Request\nat any location on disk, with the privileges of the Puppet Master\napplication. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56b35af7\"\n );\n # http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b2f8e47\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2415d0f7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"puppet-2.6.6-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:50", "description": "USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorized_keys files with Puppet. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges.\n(CVE-2011-3869)\n\nRicky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root.\n(CVE-2011-3870)\n\nIt was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root.\n(CVE-2011-3871).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-06T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : puppet regression (USN-1223-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1223-2.NASL", "href": "https://www.tenable.com/plugins/nessus/56406", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1223-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56406);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_xref(name:\"USN\", value:\"1223-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS : puppet regression (USN-1223-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on\nUbuntu 10.04 LTS that caused permission denied errors when managing\nSSH authorized_keys files with Puppet. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that Puppet unsafely opened files when the k5login\ntype is used to manage files. A local attacker could exploit this to\noverwrite arbitrary files which could be used to escalate privileges.\n(CVE-2011-3869)\n\nRicky Zhou discovered that Puppet did not drop privileges\nwhen creating SSH authorized_keys files. A local attacker\ncould exploit this to overwrite arbitrary files as root.\n(CVE-2011-3870)\n\nIt was discovered that Puppet used a predictable filename\nwhen using the --edit resource. A local attacker could\nexploit this to edit arbitrary files or run arbitrary code\nas the user invoking the program, typically root.\n(CVE-2011-3871).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1223-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:40", "description": "The following vulnerabilities have been discovered and fixed :\n\n - CVE-2011-3870, a symlink attack via a user's SSH authorized_keys file\n\n - CVE-2011-3869, a symlink attack via a user's .k5login file\n\n - CVE-2011-3871, a privilege escalation attack via the temp file used by the puppet resource application\n\n - A low-risk file indirector injection attack\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-announce/browse_thread/thread/91 e3b46d2328a1cb A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce 2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-17T00:00:00", "type": "nessus", "title": "Fedora 16 : puppet-2.6.6-3.fc16 (2011-13623)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-13623.NASL", "href": "https://www.tenable.com/plugins/nessus/56515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13623.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56515);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_xref(name:\"FEDORA\", value:\"2011-13623\");\n\n script_name(english:\"Fedora 16 : puppet-2.6.6-3.fc16 (2011-13623)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been discovered and fixed :\n\n - CVE-2011-3870, a symlink attack via a user's SSH\n authorized_keys file\n\n - CVE-2011-3869, a symlink attack via a user's .k5login\n file\n\n - CVE-2011-3871, a privilege escalation attack via the\n temp file used by the puppet resource application\n\n - A low-risk file indirector injection attack\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-announce/browse_thread/thread/91\ne3b46d2328a1cb A vulnerability was discovered in puppet that would\nallow an attacker to install a valid X509 Certificate Signing Request\nat any location on disk, with the privileges of the Puppet Master\napplication. For Fedora and EPEL, this is the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue. A vulnerability was discovered in\npuppet that would allow an attacker to install a valid X509\nCertificate Signing Request at any location on disk, with the\nprivileges of the Puppet Master application. For Fedora and EPEL, this\nis the puppet user.\n\nFurther details can be found in the upstream announcement :\n\nhttp://groups.google.com/group/puppet-users/browse_thread/thread/e57ce\n2740feb9406\n\nUnless you enable puppet's listen mode on clients, only the puppet\nmaster is vulnerable to this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56b35af7\"\n );\n # http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b2f8e47\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75c1bcfb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"puppet-2.6.6-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:45", "description": "It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges.\n(CVE-2011-3869)\n\nRicky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. (CVE-2011-3870)\n\nIt was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. (CVE-2011-3871).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-03T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerabilities (USN-1223-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1223-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56375", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1223-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56375);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_xref(name:\"USN\", value:\"1223-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerabilities (USN-1223-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Puppet unsafely opened files when the k5login\ntype is used to manage files. A local attacker could exploit this to\noverwrite arbitrary files which could be used to escalate privileges.\n(CVE-2011-3869)\n\nRicky Zhou discovered that Puppet did not drop privileges when\ncreating SSH authorized_keys files. A local attacker could exploit\nthis to overwrite arbitrary files as root. (CVE-2011-3870)\n\nIt was discovered that Puppet used a predictable filename when using\nthe --edit resource. A local attacker could exploit this to edit\narbitrary files or run arbitrary code as the user invoking the\nprogram, typically root. (CVE-2011-3871).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1223-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"puppet-common\", pkgver:\"2.6.1-0ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"puppet-common\", pkgver:\"2.6.4-2ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-10-16T02:06:46", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.\n\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.\n\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : puppet (ALAS-2011-11)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:puppet", "p-cpe:/a:amazon:linux:puppet-debuginfo", "p-cpe:/a:amazon:linux:puppet-server", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-11.NASL", "href": "https://www.tenable.com/plugins/nessus/69570", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-11.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69570);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-3869\", \"CVE-2011-3870\", \"CVE-2011-3871\");\n script_xref(name:\"ALAS\", value:\"2011-11\");\n\n script_name(english:\"Amazon Linux AMI : puppet (ALAS-2011-11)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when\nrunning in --edit mode, uses a predictable file name, which allows\nlocal users to run arbitrary Puppet code or trick a user into editing\narbitrary files.\n\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows\nlocal users to modify the permissions of arbitrary files via a symlink\nattack on the SSH authorized_keys file.\n\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows\nlocal users to overwrite arbitrary files via a symlink attack on the\n.k5login file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-11.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update puppet' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"puppet-2.6.6-3.2.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-debuginfo-2.6.6-3.2.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-server-2.6.6-3.2.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-debuginfo / puppet-server\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:43", "description": "Several vulnerabilities have been discovered in Puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2012-1906 Puppet is using predictable temporary file names when downloading Mac OS X package files. This allows a local attacker to either overwrite arbitrary files on the system or to install an arbitrary package.\n\n - CVE-2012-1986 When handling requests for a file from a remote filebucket, Puppet can be tricked into overwriting its defined location for filebucket storage. This allows an authorized attacker with access to the Puppet master to read arbitrary files.\n\n - CVE-2012-1987 Puppet is incorrectly handling filebucket store requests. This allows an attacker to perform denial of service attacks against Puppet by resource exhaustion.\n\n - CVE-2012-1988 Puppet is incorrectly handling filebucket requests. This allows an attacker with access to the certificate on the agent and an unprivileged account on Puppet master to execute arbitrary code via crafted file path names and making a filebucket request.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-16T00:00:00", "type": "nessus", "title": "Debian DSA-2451-1 : puppet - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puppet", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2451.NASL", "href": "https://www.tenable.com/plugins/nessus/58753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2451. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58753);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\");\n script_bugtraq_id(52975);\n script_xref(name:\"DSA\", value:\"2451\");\n\n script_name(english:\"Debian DSA-2451-1 : puppet - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2012-1906\n Puppet is using predictable temporary file names when\n downloading Mac OS X package files. This allows a local\n attacker to either overwrite arbitrary files on the\n system or to install an arbitrary package.\n\n - CVE-2012-1986\n When handling requests for a file from a remote\n filebucket, Puppet can be tricked into overwriting its\n defined location for filebucket storage. This allows an\n authorized attacker with access to the Puppet master to\n read arbitrary files.\n\n - CVE-2012-1987\n Puppet is incorrectly handling filebucket store\n requests. This allows an attacker to perform denial of\n service attacks against Puppet by resource exhaustion.\n\n - CVE-2012-1988\n Puppet is incorrectly handling filebucket requests. This\n allows an attacker with access to the certificate on the\n agent and an unprivileged account on Puppet master to\n execute arbitrary code via crafted file path names and\n making a filebucket request.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2451\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"puppet\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-common\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-el\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-testsuite\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppetmaster\", reference:\"2.6.2-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vim-puppet\", reference:\"2.6.2-5+squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:58", "description": "puppet was prone to several security issues", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2012:0608-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-269.NASL", "href": "https://www.tenable.com/plugins/nessus/74620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-269.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74620);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2012:0608-1)\");\n script_summary(english:\"Check for the openSUSE-2012-269 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"puppet was prone to several security issues\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"puppet-2.7.6-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"puppet-server-2.7.6-1.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:29", "description": "The remote host is affected by the vulnerability described in GLSA-201208-02 (Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in Puppet:\n Puppet uses predictable file names for temporary files (CVE-2012-1906).\n REST requests for a file in a remote filebucket are not handled properly by overriding filebucket storage locations (CVE-2012-1986).\n REST requests for a file in a remote filebucket are not handled properly by reading streams or writing files on the Puppet master's file system (CVE-2012-1987).\n File name paths are not properly sanitized from bucket requests (CVE-2012-1988).\n The Telnet utility in Puppet does not handle temporary files securely (CVE-2012-1989).\n Impact :\n\n A local attacker with access to agent SSL keys could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or perform symlink attacks to overwrite or read arbitrary files on the Puppet master.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-15T00:00:00", "type": "nessus", "title": "GLSA-201208-02 : Puppet: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:puppet", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201208-02.NASL", "href": "https://www.tenable.com/plugins/nessus/61541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201208-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61541);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_bugtraq_id(52975);\n script_xref(name:\"GLSA\", value:\"201208-02\");\n\n script_name(english:\"GLSA-201208-02 : Puppet: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201208-02\n(Puppet: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in Puppet:\n Puppet uses predictable file names for temporary files\n (CVE-2012-1906).\n REST requests for a file in a remote filebucket are not handled\n properly by overriding filebucket storage locations (CVE-2012-1986).\n REST requests for a file in a remote filebucket are not handled\n properly by reading streams or writing files on the Puppet master's\n file system (CVE-2012-1987).\n File name paths are not properly sanitized from bucket requests\n (CVE-2012-1988).\n The Telnet utility in Puppet does not handle temporary files securely\n (CVE-2012-1989).\n \nImpact :\n\n A local attacker with access to agent SSL keys could possibly execute\n arbitrary code with the privileges of the process, cause a Denial of\n Service condition, or perform symlink attacks to overwrite or read\n arbitrary files on the Puppet master.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201208-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Puppet users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.13'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/puppet\", unaffected:make_list(\"ge 2.7.13\"), vulnerable:make_list(\"lt 2.7.13\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Puppet\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:56:07", "description": "This update fixes the following issues :\n\n - Filebucket arbitrary file read. (CVE-2011-1986)\n\n - Filebucket DoS. (CVE-2012-1987)\n\n - Filebucket arbitrary code execution. (CVE-2012-1988)\n\n - insecure handling of temporary files. (CVE-2012-1989)", "cvss3": {"score": null, "vector": null}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : puppet (SAT Patch Number 6115)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1986", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:puppet", "p-cpe:/a:novell:suse_linux:11:puppet-server", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PUPPET-120411.NASL", "href": "https://www.tenable.com/plugins/nessus/64217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64217);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1986\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n\n script_name(english:\"SuSE 11.1 Security Update : puppet (SAT Patch Number 6115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues :\n\n - Filebucket arbitrary file read. (CVE-2011-1986)\n\n - Filebucket DoS. (CVE-2012-1987)\n\n - Filebucket arbitrary code execution. (CVE-2012-1988)\n\n - insecure handling of temporary files. (CVE-2012-1989)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1986.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1986.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1987.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1988.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1989.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6115.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"puppet-2.6.12-0.14.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"puppet-2.6.12-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-2.6.12-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-server-2.6.12-0.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:44", "description": "It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. (CVE-2012-1906)\n\nIt was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files.\n(CVE-2012-1986)\n\nIt was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. (CVE-2012-1987)\n\nIt was discovered that Puppet incorrectly handled filebucket requests.\nA local attacker could exploit this to execute arbitrary code via a crafted file path. (CVE-2012-1988)\n\nIt was discovered that Puppet used a predictable filename for the Telnet connection log file. A local attacker could exploit this to overwrite arbitrary files. This issue only affected Ubuntu 11.10.\n(CVE-2012-1989).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-11T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 : puppet vulnerabilities (USN-1419-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1419-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1419-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58680);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n script_xref(name:\"USN\", value:\"1419-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 : puppet vulnerabilities (USN-1419-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Puppet used a predictable filename when\ndownloading Mac OS X package files. A local attacker could exploit\nthis to overwrite arbitrary files. (CVE-2012-1906)\n\nIt was discovered that Puppet incorrectly handled filebucket retrieval\nrequests. A local attacker could exploit this to read arbitrary files.\n(CVE-2012-1986)\n\nIt was discovered that Puppet incorrectly handled filebucket store\nrequests. A local attacker could exploit this to perform a denial of\nservice via resource exhaustion. (CVE-2012-1987)\n\nIt was discovered that Puppet incorrectly handled filebucket requests.\nA local attacker could exploit this to execute arbitrary code via a\ncrafted file path. (CVE-2012-1988)\n\nIt was discovered that Puppet used a predictable filename for the\nTelnet connection log file. A local attacker could exploit this to\noverwrite arbitrary files. This issue only affected Ubuntu 11.10.\n(CVE-2012-1989).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1419-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.7\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"puppet-common\", pkgver:\"2.6.4-2ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"puppet-common\", pkgver:\"2.7.1-1ubuntu3.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:42", "description": "Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-11T00:00:00", "type": "nessus", "title": "FreeBSD : puppet -- Multiple Vulnerabilities (607d2108-a0e4-423a-bf78-846f2a8f01b0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:puppet", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_607D2108A0E4423ABF78846F2A8F01B0.NASL", "href": "https://www.tenable.com/plugins/nessus/58670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58670);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1906\", \"CVE-2012-1986\", \"CVE-2012-1987\", \"CVE-2012-1988\", \"CVE-2012-1989\");\n\n script_name(english:\"FreeBSD : puppet -- Multiple Vulnerabilities (607d2108-a0e4-423a-bf78-846f2a8f01b0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities exist in puppet that can result in arbitrary\ncode execution, arbitrary file read access, denial of service, and\narbitrary file write access. Please review the details in each of the\nCVEs for additional information.\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1906/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1906\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1986/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1986\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1987/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1987\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1988/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1988\"\n );\n # http://puppetlabs.com/security/cve/cve-2012-1989/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2012-1989\"\n );\n # https://vuxml.freebsd.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77b95470\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"puppet>2.7.*<2.7.12_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:54", "description": "Two vulnerabilities were discovered in Puppet, a centralized configuration management tool.\n\n - CVE-2012-1053 Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation.\n\n - CVE-2012-1054 The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-28T00:00:00", "type": "nessus", "title": "Debian DSA-2419-1 : puppet - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puppet", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2419.NASL", "href": "https://www.tenable.com/plugins/nessus/58136", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2419. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58136);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_bugtraq_id(52158);\n script_xref(name:\"DSA\", value:\"2419\");\n\n script_name(english:\"Debian DSA-2419-1 : puppet - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\n - CVE-2012-1053\n Puppet runs execs with an unintended group privileges,\n potentially leading to privilege escalation.\n\n - CVE-2012-1054\n The k5login type writes to untrusted locations, enabling\n local users to escalate their privileges if the k5login\n type is used.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2419\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"puppet\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-common\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-el\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-testsuite\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppetmaster\", reference:\"2.6.2-5+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vim-puppet\", reference:\"2.6.2-5+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:54", "description": "Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-12T00:00:00", "type": "nessus", "title": "Fedora 15 : puppet-2.6.14-1.fc15 (2012-2367)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-2367.NASL", "href": "https://www.tenable.com/plugins/nessus/58306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2367.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58306);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"FEDORA\", value:\"2012-2367\");\n\n script_name(english:\"Fedora 15 : puppet-2.6.14-1.fc15 (2012-2367)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791002\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bee1b063\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"puppet-2.6.14-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T02:06:11", "description": "Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.\n\nThe change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : puppet (ALAS-2012-53)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:puppet", "p-cpe:/a:amazon:linux:puppet-debuginfo", "p-cpe:/a:amazon:linux:puppet-server", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-53.NASL", "href": "https://www.tenable.com/plugins/nessus/69660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-53.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69660);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"ALAS\", value:\"2012-53\");\n\n script_name(english:\"Amazon Linux AMI : puppet (ALAS-2012-53)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet\nEnterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when\nmanaging a user login file with the k5login resource type, allows\nlocal users to gain privileges via a symlink attack on .k5login.\n\nThe change_user method in the SUIDManager\n(lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and\n2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x,\n2.0.x before 2.0.3 does not properly manage group privileges, which\nallows local users to gain privileges via vectors related to (1) the\nchange_user not dropping supplementary groups in certain conditions,\n(2) changes to the eguid without associated changes to the egid, or\n(3) the addition of the real gid to supplementary groups.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-53.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update puppet' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"puppet-2.6.14-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-debuginfo-2.6.14-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-server-2.6.14-1.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-debuginfo / puppet-server\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:49", "description": "Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-12T00:00:00", "type": "nessus", "title": "Fedora 17 : puppet-2.6.14-1.fc17 (2012-2325)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-2325.NASL", "href": "https://www.tenable.com/plugins/nessus/58305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2325.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58305);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"FEDORA\", value:\"2012-2325\");\n\n script_name(english:\"Fedora 17 : puppet-2.6.14-1.fc17 (2012-2325)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791002\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5511994f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"puppet-2.6.14-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:49", "description": "This update of puppet fixes two vulnerabilities that could potentially be exploited by local attackers to escalate privileges due to improper privilege dropping and file handling issues (symlink flaws) in puppet.\n(CVE-2012-1053 / CVE-2012-1054)", "cvss3": {"score": null, "vector": null}, "published": "2012-03-05T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : puppet (SAT Patch Number 5876)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:puppet", "p-cpe:/a:novell:suse_linux:11:puppet-server", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PUPPET-120224.NASL", "href": "https://www.tenable.com/plugins/nessus/58203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58203);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n\n script_name(english:\"SuSE 11.1 Security Update : puppet (SAT Patch Number 5876)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of puppet fixes two vulnerabilities that could potentially\nbe exploited by local attackers to escalate privileges due to improper\nprivilege dropping and file handling issues (symlink flaws) in puppet.\n(CVE-2012-1053 / CVE-2012-1054)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1054.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5876.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"puppet-2.6.12-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"puppet-2.6.12-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-2.6.12-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"puppet-server-2.6.12-0.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:56", "description": "It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root).\n(CVE-2012-1053)\n\nIt was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files and escalate privileges. (CVE-2012-1054).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-24T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : puppet vulnerabilities (USN-1372-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1372-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1372-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58118);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_bugtraq_id(52158);\n script_xref(name:\"USN\", value:\"1372-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : puppet vulnerabilities (USN-1372-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Puppet did not drop privileges when executing\ncommands as different users. If an attacker had control of the\nexecution manifests or the executed command, this could be used to\nexecute code with elevated group permissions (typically root).\n(CVE-2012-1053)\n\nIt was discovered that Puppet unsafely opened files when the k5login\ntype is used to manage files. A local attacker could exploit this to\noverwrite arbitrary files and escalate privileges. (CVE-2012-1054).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1372-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"puppet-common\", pkgver:\"2.6.1-0ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"puppet-common\", pkgver:\"2.6.4-2ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"puppet-common\", pkgver:\"2.7.1-1ubuntu3.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:55", "description": "Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-12T00:00:00", "type": "nessus", "title": "Fedora 16 : puppet-2.6.14-1.fc16 (2012-2415)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-2415.NASL", "href": "https://www.tenable.com/plugins/nessus/58307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2415.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58307);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1053\", \"CVE-2012-1054\");\n script_xref(name:\"FEDORA\", value:\"2012-2415\");\n\n script_name(english:\"Fedora 16 : puppet-2.6.14-1.fc16 (2012-2415)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Please refer to the upstream release notes for details :\n\nhttp://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.6.14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=791002\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/075035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04337b32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"puppet-2.6.14-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T02:06:24", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : puppet (ALAS-2012-75)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1986"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:puppet", "p-cpe:/a:amazon:linux:puppet-debuginfo", "p-cpe:/a:amazon:linux:puppet-server", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-75.NASL", "href": "https://www.tenable.com/plugins/nessus/69682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-75.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69682);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-1986\");\n script_xref(name:\"ALAS\", value:\"2012-75\");\n\n script_name(english:\"Amazon Linux AMI : puppet (ALAS-2012-75)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet\nEnterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1\nallows remote authenticated users with an authorized SSL key and\ncertain permissions on the puppet master to read arbitrary files via a\nsymlink attack in conjunction with a crafted REST request for a file\nin a filebucket.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-75.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update puppet' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"puppet-2.6.16-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-debuginfo-2.6.16-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet-server-2.6.16-1.6.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-debuginfo / puppet-server\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:59:18", "description": "A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates. This setting is not set by default in the Fedora/EPEL packages.\n\nThis update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability. Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generate certificates that are vulnerable to this issue :\n\nhttp://puppetlabs.com/security/cve/CVE-2011-3872/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Fedora 15 : puppet-2.6.12-1.fc15 (2011-14994)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-14994.NASL", "href": "https://www.tenable.com/plugins/nessus/56889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14994.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56889);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2011-14994\");\n\n script_name(english:\"Fedora 15 : puppet-2.6.12-1.fc15 (2011-14994)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in puppet's SSL certificate handling could allow nodes with a\nvalid certificate to impersonate the puppet master. To be vulnerable,\na user would have had to set the certdnsnames variable and generated\ncertificates. This setting is not set by default in the Fedora/EPEL\npackages.\n\nThis update closes the vulnerability in newly generated certificates,\nbut cannot prevent existing certificates from being used to exploit\nthe vulnerability. Please refer to the upstream documentation for more\ndetails on mitigation and remediation of this issue, if you have\ngenerate certificates that are vulnerable to this issue :\n\nhttp://puppetlabs.com/security/cve/CVE-2011-3872/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://puppetlabs.com/security/cve/CVE-2011-3872/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2011-3872\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069454.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24068467\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"puppet-2.6.12-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:59:18", "description": "A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates. This setting is not set by default in the Fedora/EPEL packages.\n\nThis update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability. Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generate certificates that are vulnerable to this issue :\n\nhttp://puppetlabs.com/security/cve/CVE-2011-3872/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Fedora 16 : puppet-2.6.12-1.fc16 (2011-14880)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-14880.NASL", "href": "https://www.tenable.com/plugins/nessus/56888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14880.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56888);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2011-14880\");\n\n script_name(english:\"Fedora 16 : puppet-2.6.12-1.fc16 (2011-14880)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in puppet's SSL certificate handling could allow nodes with a\nvalid certificate to impersonate the puppet master. To be vulnerable,\na user would have had to set the certdnsnames variable and generated\ncertificates. This setting is not set by default in the Fedora/EPEL\npackages.\n\nThis update closes the vulnerability in newly generated certificates,\nbut cannot prevent existing certificates from being used to exploit\nthe vulnerability. Please refer to the upstream documentation for more\ndetails on mitigation and remediation of this issue, if you have\ngenerate certificates that are vulnerable to this issue :\n\nhttp://puppetlabs.com/security/cve/CVE-2011-3872/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://puppetlabs.com/security/cve/CVE-2011-3872/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2011-3872\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069440.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8143d0e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"puppet-2.6.12-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:59:38", "description": "It was discovered that Puppet incorrectly handled the non-default 'certdnsnames' option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-25T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : puppet vulnerability (USN-1238-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1238-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56630", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1238-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56630);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3872\");\n script_xref(name:\"USN\", value:\"1238-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : puppet vulnerability (USN-1238-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Puppet incorrectly handled the non-default\n'certdnsnames' option when generating certificates. If this setting\nwas added to puppet.conf, the puppet master's DNS alt names were\nadded to the X.509 Subject Alternative Name field of all certificates,\nnot just the puppet master's certificate. An attacker that has an\nincorrect agent certificate in his possession can use it to\nimpersonate the puppet master in a man-in-the-middle attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1238-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"puppet-common\", pkgver:\"2.6.1-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"puppet-common\", pkgver:\"2.6.4-2ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"puppet-common\", pkgver:\"2.7.1-1ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:59:23", "description": "It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the 'certdnsnames' option was used. This could lead to man in the middle attacks. More details are available on the Puppet website.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-23T00:00:00", "type": "nessus", "title": "Debian DSA-2352-1 : puppet - programming error", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puppet", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2352.NASL", "href": "https://www.tenable.com/plugins/nessus/56923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2352. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56923);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3872\");\n script_bugtraq_id(50356);\n script_xref(name:\"DSA\", value:\"2352\");\n\n script_name(english:\"Debian DSA-2352-1 : puppet - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Puppet, a centralized configuration management\nsolution, misgenerated certificates if the 'certdnsnames' option was\nused. This could lead to man in the middle attacks. More details are\navailable on the Puppet website.\"\n );\n # http://puppetlabs.com/security/cve/cve-2011-3872/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2011-3872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2352\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.24.5-3+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"puppet\", reference:\"0.24.5-3+lenny2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet\", reference:\"2.6.2-5+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-common\", reference:\"2.6.2-5+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-el\", reference:\"2.6.2-5+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppet-testsuite\", reference:\"2.6.2-5+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"puppetmaster\", reference:\"2.6.2-5+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"vim-puppet\", reference:\"2.6.2-5+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-03-27T15:00:20", "description": "A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates. This setting is not set by default in the Fedora/EPEL packages.\n\nThis update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability. Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generate certificates that are vulnerable to this issue :\n\nhttp://puppetlabs.com/security/cve/CVE-2011-3872/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Fedora 14 : puppet-2.6.12-1.fc14 (2011-15000)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-15000.NASL", "href": "https://www.tenable.com/plugins/nessus/56890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-15000.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56890);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2011-15000\");\n\n script_name(english:\"Fedora 14 : puppet-2.6.12-1.fc14 (2011-15000)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in puppet's SSL certificate handling could allow nodes with a\nvalid certificate to impersonate the puppet master. To be vulnerable,\na user would have had to set the certdnsnames variable and generated\ncertificates. This setting is not set by default in the Fedora/EPEL\npackages.\n\nThis update closes the vulnerability in newly generated certificates,\nbut cannot prevent existing certificates from being used to exploit\nthe vulnerability. Please refer to the upstream documentation for more\ndetails on mitigation and remediation of this issue, if you have\ngenerate certificates that are vulnerable to this issue :\n\nhttp://puppetlabs.com/security/cve/CVE-2011-3872/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://puppetlabs.com/security/cve/CVE-2011-3872/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://puppet.com/security/cve/cve-2011-3872\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069488.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a43f542\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"puppet-2.6.12-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:59:48", "description": "Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-09-29T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerability (USN-1217-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1217-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1217-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56332);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3848\");\n script_xref(name:\"USN\", value:\"1217-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerability (USN-1217-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kristian Erik Hermansen discovered a directory traversal vulnerability\nin the SSLFile indirection base class. A remote attacker could exploit\nthis to overwrite files with the privileges of the Puppet Master.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1217-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"puppet-common\", pkgver:\"0.25.4-2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"puppet-common\", pkgver:\"2.6.1-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"puppet-common\", pkgver:\"2.6.4-2ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:55", "description": "A directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_PUPPET-111005.NASL", "href": "https://www.tenable.com/plugins/nessus/75998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update puppet-5243.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75998);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3848\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)\");\n script_summary(english:\"Check for the puppet-5243 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A directory traversal vulnerability in puppet allowed unauthenticated\nremote attackers to upload x.509 certificate signing requests to\narbitrary locations (CVE-2011-3848)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-2.6.4-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"puppet-server-2.6.4-4.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:33", "description": "A directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations (CVE-2011-3848)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3848"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:puppet", "p-cpe:/a:novell:opensuse:puppet-server", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_PUPPET-111005.NASL", "href": "https://www.tenable.com/plugins/nessus/75714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update puppet-5243.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75714);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3848\");\n\n script_name(english:\"openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)\");\n script_summary(english:\"Check for the puppet-5243 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A directory traversal vulnerability in puppet allowed unauthenticated\nremote attackers to upload x.509 certificate signing requests to\narbitrary locations (CVE-2011-3848)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"puppet-0.25.4-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"puppet-server-0.25.4-4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet / puppet-server\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-03-27T14:42:20", "description": "Several vulnerabilities have been discovered in Gajim, a feature-rich Jabber client. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2012-1987 Gajim is not properly sanitizing input before passing it to shell commands. An attacker can use this flaw to execute arbitrary code on behalf of the victim if the user e.g. clicks on a specially crafted URL in an instant message.\n\n - CVE-2012-2093 Gajim is using predictable temporary files in an insecure manner when converting instant messages containing LaTeX to images. A local attacker can use this flaw to conduct symlink attacks and overwrite files the victim has write access to.\n\n - CVE-2012-2086 Gajim is not properly sanitizing input when logging conversations which results in the possibility to conduct SQL injection attacks.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-17T00:00:00", "type": "nessus", "title": "Debian DSA-2453-1 : gajim - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1987", "CVE-2012-2085", "CVE-2012-2086", "CVE-2012-2093"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gajim", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2453.NASL", "href": "https://www.tenable.com/plugins/nessus/58766", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2453. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58766);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2085\", \"CVE-2012-2086\", \"CVE-2012-2093\");\n script_bugtraq_id(52943);\n script_xref(name:\"DSA\", value:\"2453\");\n\n script_name(english:\"Debian DSA-2453-1 : gajim - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Gajim, a feature-rich\nJabber client. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2012-1987\n Gajim is not properly sanitizing input before passing it\n to shell commands. An attacker can use this flaw to\n execute arbitrary code on behalf of the victim if the\n user e.g. clicks on a specially crafted URL in an\n instant message.\n\n - CVE-2012-2093\n Gajim is using predictable temporary files in an\n insecure manner when converting instant messages\n containing LaTeX to images. A local attacker can use\n this flaw to conduct symlink attacks and overwrite files\n the victim has write access to.\n\n - CVE-2012-2086\n Gajim is not properly sanitizing input when logging\n conversations which results in the possibility to\n conduct SQL injection attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/gajim\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2453\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gajim packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.13.4-3+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gajim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"gajim\", reference:\"0.13.4-3+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:13:06", "description": "### Background\n\nPuppet is a system configuration management tool written in Ruby.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could gain elevated privileges, or access and modify arbitrary files. Furthermore, a remote attacker may be able to spoof a Puppet Master or write X.509 Certificate Signing Requests to arbitrary locations. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Puppet users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/puppet-2.7.11\"", "cvss3": {}, "published": "2012-03-06T00:00:00", "type": "gentoo", "title": "Puppet: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3564", "CVE-2010-0156", "CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3872", "CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-06T00:00:00", "id": "GLSA-201203-03", "href": "https://security.gentoo.org/glsa/201203-03", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-17T19:12:32", "description": "### Background\n\nPuppet is a system configuration management tool written in Ruby.\n\n### Description\n\nMultiple vulnerabilities have been found in Puppet:\n\n * Puppet uses predictable file names for temporary files (CVE-2012-1906). \n * REST requests for a file in a remote filebucket are not handled properly by overriding filebucket storage locations (CVE-2012-1986). \n * REST requests for a file in a remote filebucket are not handled properly by reading streams or writing files on the Puppet master's file system (CVE-2012-1987). \n * File name paths are not properly sanitized from bucket requests (CVE-2012-1988). \n * The Telnet utility in Puppet does not handle temporary files securely (CVE-2012-1989). \n\n### Impact\n\nA local attacker with access to agent SSL keys could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or perform symlink attacks to overwrite or read arbitrary files on the Puppet master. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Puppet users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/puppet-2.7.13\"", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "gentoo", "title": "Puppet: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"], "modified": "2012-08-14T00:00:00", "id": "GLSA-201208-02", "href": "https://security.gentoo.org/glsa/201208-02", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:10:24", "description": "Multiple file overwrite vulnerabilities, certificates spooging.", "edition": 2, "cvss3": {}, "published": "2011-11-27T00:00:00", "title": "Puppet multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869", "CVE-2011-3872"], "modified": "2011-11-27T00:00:00", "id": "SECURITYVULNS:VULN:11934", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11934", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "==========================================================================\r\nUbuntu Security Notice USN-1223-1\r\nSeptember 30, 2011\r\n\r\npuppet vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nPuppet could be made to overwrite files and run programs with administrator\r\nprivileges.\r\n\r\nSoftware Description:\r\n- puppet: Centralized configuration management\r\n\r\nDetails:\r\n\r\nIt was discovered that Puppet unsafely opened files when the k5login type\r\nis used to manage files. A local attacker could exploit this to overwrite\r\narbitrary files which could be used to escalate privileges. &#40;CVE-2011-3869&#41;\r\n\r\nRicky Zhou discovered that Puppet did not drop privileges when creating\r\nSSH authorized_keys files. A local attacker could exploit this to overwrite\r\narbitrary files as root. &#40;CVE-2011-3870&#41;\r\n\r\nIt was discovered that Puppet used a predictable filename when using the\r\n--edit resource. A local attacker could exploit this to edit arbitrary\r\nfiles or run arbitrary code as the user invoking the program, typically\r\nroot. &#40;CVE-2011-3871&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n puppet-common 2.6.4-2ubuntu2.3\r\n\r\nUbuntu 10.10:\r\n puppet-common 2.6.1-0ubuntu2.2\r\n\r\nUbuntu 10.04 LTS:\r\n puppet-common 0.25.4-2ubuntu6.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1223-1\r\n CVE-2011-3869, CVE-2011-3870, CVE-2011-3871\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/puppet/2.6.4-2ubuntu2.3\r\n https://launchpad.net/ubuntu/+source/puppet/2.6.1-0ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/puppet/0.25.4-2ubuntu6.3\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-01T00:00:00", "title": "[USN-1223-1] Puppet vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-3871", "CVE-2011-3870", "CVE-2011-3869"], "modified": "2011-10-01T00:00:00", "id": "SECURITYVULNS:DOC:27090", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27090", "cvss": {"score": 6.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2419-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nFebruary 27, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : puppet\r\nVulnerability : several\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2012-1053 CVE-2012-1054\r\n\r\nTwo vulnerabilities were discovered in Puppet, a centralized\r\nconfiguration management tool.\r\n\r\nCVE-2012-1053\r\n Puppet runs execs with an unintended group privileges,\r\n potentially leading to privilege escalation.\r\n\r\nCVE-2012-1054\r\n The k5login type writes to untrusted locations,\r\n enabling local users to escalate their privileges\r\n if the k5login type is used.\r\n\r\nFor the stable distribution &#40;squeeze&#41;, these problems have been fixed\r\nin version 2.6.2-5+squeeze4.\r\n\r\nFor the testing distribution &#40;wheezy&#41; and the unstable distribution\r\n&#40;sid&#41;, these problems have been fixed in version 2.7.11-1.\r\n\r\nWe recommend that you upgrade your puppet packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niQEcBAEBAgAGBQJPS+FdAAoJEL97/wQC1SS+ZQQIAJSwK65I2Zu3vbszCf0Ba+AP\r\nhVHLLNdyA56clrDwvqhIf7jncAY9BrkykVkML2fu8K8Zn8hn96r4GyZ1MkzWMBqK\r\nSmf4tZTEr1fD0QGbXLmHCZGMosdZVg6RJtBwhfwG8QNBYjspBBzaQ0kixHMHxiam\r\nKkYSuFcc1oLfVhJe0ubIIy30mIinaEpLQ6Sxhe75Cm8aIq7gUG60LSlxI5auKBZu\r\nw4U52CRdfZPd8I0UIswudD9hEW8Chr7hfq9yBiANXhB8lHyFMpf9nrUNhiC7oAtK\r\ni3GWGrKm71paTrS9aMva4c73/Mz9zqMlI905Nt0OgGJqMxqXbxOkE9YrjgKaQ5g=\r\n=90wL\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-03-09T00:00:00", "title": "[SECURITY] [DSA 2419-1] puppet security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-09T00:00:00", "id": "SECURITYVULNS:DOC:27729", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27729", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "description": "Privilege escalation conditions.", "edition": 1, "cvss3": {}, "published": "2012-03-09T00:00:00", "title": "Puppet security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-09T00:00:00", "id": "SECURITYVULNS:VULN:12237", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12237", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2352-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nNovember 22, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : puppet\r\nVulnerability : programming error\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-3872 \r\n\r\nIt was discovered that Puppet, a centralized configuration management\r\nsolution, misgenerated certificates if the &quot;certdnsnames&quot; option was\r\nused. This could lead to man in the middle attacks. More details are\r\navailable at http://puppetlabs.com/security/cve/cve-2011-3872/ \r\n\r\nFor the oldstable distribution &#40;lenny&#41;, this problem has been fixed in\r\nversion 0.24.5-3+lenny2.\r\n\r\nFor the stable distribution &#40;squeeze&#41;, this problem has been fixed in\r\nversion 2.6.2-5+squeeze3.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 2.7.6-1.\r\n\r\nWe recommend that you upgrade your puppet packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk7MDLQACgkQXm3vHE4uyloA2gCgiETrLCSBPjUsYwehwmjwB914\r\nS+cAn0xNvVbw52ofnuVFbEcSSElE8A39\r\n=Z7zc\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2011-11-27T00:00:00", "title": "[SECURITY] [DSA 2352-1] puppet security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-3872"], "modified": "2011-11-27T00:00:00", "id": "SECURITYVULNS:DOC:27360", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27360", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:46", "description": "Unescaped shell characters, symbolic links vulnerability, SQL injections.", "edition": 1, "cvss3": {}, "published": "2012-04-19T00:00:00", "title": "gajim jabber client multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-2093", "CVE-2012-1987", "CVE-2012-2086"], "modified": "2012-04-19T00:00:00", "id": "SECURITYVULNS:VULN:12327", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12327", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:44", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2453-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nApril 16, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : gajim\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE IDs : CVE-2012-2093 CVE-2012-2086 CVE-2012-2085\r\nDebian bug : 668038\r\n\r\nSeveral vulnerabilities have been discovered in gajim, a feature-rich\r\njabber client. The Common Vulnerabilities and Exposures project\r\nidentifies the following problems:\r\n\r\nCVE-2012-1987\r\n\r\n gajim is not properly sanitizing input before passing it to shell\r\n commands. An attacker can use this flaw to execute arbitrary code\r\n on behalf of the victim if the user e.g. clicks on a specially crafted\r\n URL in an instant message.\r\n\r\nCVE-2012-2093\r\n\r\n gajim is using predictable temporary files in an insecure manner when\r\n converting instant messages containing LaTeX to images. A local\r\n attacker can use this flaw to conduct symlink attacks and overwrite\r\n files the victim has write access to.\r\n\r\nCVE-2012-2086\r\n\r\n gajim is not properly sanitizing input when logging conversations\r\n which results in the possibility to conduct SQL injection attacks.\r\n\r\n\r\nFor the stable distribution &#40;squeeze&#41;, this problem has been fixed in\r\nversion 0.13.4-3+squeeze2.\r\n\r\nFor the testing distribution &#40;wheezy&#41;, this problem has been fixed in\r\nversion 0.15-1.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 0.15-1.\r\n\r\nWe recommend that you upgrade your gajim packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk+LrNsACgkQHYflSXNkfP9GKACcDu4Zrmtq5e24RIxQMO2Mt/1J\r\nxxUAn2EN1XxsdvduTN4i/hHzyNpPCEqY\r\n=bkGL\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-04-19T00:00:00", "title": "[SECURITY] [DSA 2453-1] gajim security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-2093", "CVE-2012-1987", "CVE-2012-2085", "CVE-2012-2086"], "modified": "2012-04-19T00:00:00", "id": "SECURITYVULNS:DOC:27926", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27926", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2021-10-22T00:12:28", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-2314-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nOct 3, 2011 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : multiple\nProblem type : local/remote\nDebian-specific: no\nDebian bug : none\nCVE IDs : CVE-2011-3848 CVE-2011-3870 CVE-2011-3869 CVE-2011-3871\n\nMultiple security issues have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2011-3848\n\n Kristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509 Certificate Signing\n Request at any location on disk, with the privileges of the Puppet\n Master application.\n\nCVE-2011-3870\n\n Ricky Zhou discovered a potential local privilege escalation in the\n ssh_authorized_keys resource and theoretically in the Solaris and\n AIX providers, where file ownership was given away before it was\n written, leading to a possibility for a user to overwrite arbitrary\n files as root, if their authorized_keys file was managed.\n\nCVE-2011-3869\n\n A predictable file name in the k5login type leads to the possibility\n of symlink attacks which would allow the owner of the home directory\n to symlink to anything on the system, and have it replaced with the\n &quot;correct&quot; content of the file, which can lead to a privilege escalation\n on puppet runs.\n\nCVE-2011-3871\n\n A potential local privilege escalation was found in the --edit mode\n of &#x27;puppet resource&#x27; due to a persistant, predictable file name,\n which can result in editing an arbitrary target file, and thus be\n be tricked into running that arbitrary file as the invoking\n user. This command is most commonly run as root, this leads to a\n potential privilege escalation.\n\n\nAdditionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.\n\n\nFor the oldstable distribution (lenny), this problem will be fixed soon.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\n\nFor the testing distribution (wheezy), this has been fixed in\nversion 2.7.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-10-03T17:13:49", "type": "debian", "title": "[SECURITY] [DSA 2314-1] puppet security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-03T17:13:49", "id": "DEBIAN:DSA-2314-1:D9918", "href": "https://lists.debian.org/debian-security-announce/2011/msg00191.html", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-06-27T06:00:56", "description": "\nMicah Anderson uploaded new packages for puppet which fixed the\nfollowing security problems:\n\nCVE-2011-3848=20\n Kristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509 Certificate Signing\n Request at any location on disk, with the privileges of the Puppet\n Master application. This was found in the 2.7 series of Puppet, but\n the underlying vulnerability existed in earlier releases and could be\n accessed with different hostile inputs.\n\nCVE-2011-3870=20\n Ricky Zhou discovered a potential local privilege escalation in the\n ssh_authorized_keys resource and theoretically in the Solaris and AIX\n providers, where file ownership was given away before it was written,\n leading to a possibility for a user to overwrite arbitrary files as\n root, if their authorized_keys file was managed.\n\nCVE-2011-3869\n An insecure symlink attack could be made against the k5login type\n which would allow the owner of the home directory to symlink to\n anything on the system, and have it replaced with the =E2=80=9Ccorrect=E2=\n=80=9D\n content of the file, which can lead to a privilege escalation on\n puppet runs.\n\nCVE-2011-3871\n A potential local privilege escalation was found in the --edit mode of\n &#x27;puppet resource&#x27; due to a persistant, predictable file name, which\n can result in editing an arbitrary target file, and thus be be tricked\n into running that arbitrary file as the invoking user. This command is\n most commonly run as root, this leads to a potential privilege\n escalation.\n\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 2.7.1-1~bpo60+3.\n\nAttachment:\npgpeoI4d4aney.pgp\nDescription: PGP signature\n", "cvss3": {}, "published": "2011-10-03T14:58:37", "type": "debian", "title": "[BSA-051] Security update for puppet", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2011-10-03T14:58:37", "id": "DEBIAN:BSA-051:C9465", "href": "https://lists.debian.org/debian-backports-announce/2011/10/msg00002.html", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-10-21T23:58:36", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2451-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nApril 13, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2012-1906 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988\n\nSeveral vulnerabilities have been discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2012-1906\n\n Puppet is using predictable temporary file names when downloading\n Mac OS X package files. This allows a local attacker to either\n overwrite arbitrary files on the system or to install an arbitrary\n package.\n\nCVE-2012-1986\n\n When handling requests for a file from a remote filebucket, puppet\n can be tricked into overwriting its defined location for filebucket\n storage. This allows an authorized attacker with access to the puppet\n master to read arbitrary files.\n\nCVE-2012-1987\n\n Puppet is incorrectly handling filebucket store requests. This allows\n an attacker to perform denial of service attacks against puppet by\n resource exhaustion.\n\nCVE-2012-1988\n\n Puppet is incorrectly handling filebucket requests. This allows an\n attacker with access to the certificate on the agent and an unprivileged\n account on puppet master to execute arbitrary code via crafted file\n path names and making a filebucket request.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.13-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.13-1.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-04-13T04:52:10", "type": "debian", "title": "[SECURITY] [DSA 2451-1] puppet security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2012-04-13T04:52:10", "id": "DEBIAN:DSA-2451-1:E1AA5", "href": "https://lists.debian.org/debian-security-announce/2012/msg00081.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T00:02:28", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2419-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 27, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-1053 CVE-2012-1054\n\nTwo vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\nCVE-2012-1053\n\tPuppet runs execs with an unintended group privileges,\n\tpotentially leading to privilege escalation.\n\nCVE-2012-1054\n\tThe k5login type writes to untrusted locations,\n\tenabling local users to escalate their privileges\n\tif the k5login type is used.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-02-27T19:46:42", "type": "debian", "title": "[SECURITY] [DSA 2419-1] puppet security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-02-27T19:46:42", "id": "DEBIAN:DSA-2419-1:38FC3", "href": "https://lists.debian.org/debian-security-announce/2012/msg00047.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-27T05:59:41", "description": "\nMicah Anderson uploaded new packages for puppet which fixed the\nfollowing security problems: CVE-2012-1053 and CVE-2012-1054\n\n CVE-2012-1053\n\n Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation.\n\n CVE-2012-1054\n\n The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 2.7.11-1~bpo60+1.\n\n\n\n-- \n\nAttachment:\npgp54KwCi3Nba.pgp\nDescription: PGP signature\n", "cvss3": {}, "published": "2012-03-21T15:12:26", "type": "debian", "title": "[BSA-065] Security Update for puppet", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-21T15:12:26", "id": "DEBIAN:BSA-065:5B213", "href": "https://lists.debian.org/debian-backports-announce/2012/03/msg00003.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T00:09:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2352-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 22, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : puppet\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3872 \n\nIt was discovered that Puppet, a centralized configuration management\nsolution, misgenerated certificates if the &quot;certdnsnames&quot; option was\nused. This could lead to man in the middle attacks. More details are\navailable at http://puppetlabs.com/security/cve/cve-2011-3872/ \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.24.5-3+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.6-1.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-11-22T20:58:13", "type": "debian", "title": "[SECURITY] [DSA 2352-1] puppet security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872"], "modified": "2011-11-22T20:58:13", "id": "DEBIAN:DSA-2352-1:916A3", "href": "https://lists.debian.org/debian-security-announce/2011/msg00230.html", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-27T06:00:28", "description": "\nMicah Anderson uploaded new packages for puppet which fixed the\nfollowing security problems:\n\nCVE-2011-3872\n Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet\n Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an\n agent certificate, adds the Puppet master&#x27;s certdnsnames values to the\n X.509 Subject Alternative Name field of the certificate, which allows\n remote attackers to spoof a Puppet master via a man-in-the-middle\n (MITM) attack against an agent that uses an alternate DNS name for the\n master, aka &quot;AltNames Vulnerability.&quot;\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 2.7.6-1~bpo60+1.\n\n-- \n\nAttachment:\npgp546M1CdwI9.pgp\nDescription: PGP signature\n", "cvss3": {}, "published": "2011-11-01T14:36:03", "type": "debian", "title": "[BSA-055] Security update for puppet", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872"], "modified": "2011-11-01T14:36:03", "id": "DEBIAN:BSA-055:FE09A", "href": "https://lists.debian.org/debian-backports-announce/2011/11/msg00002.html", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-27T06:01:07", "description": "\nI&#x27;ve uploaded new packages for puppet which fixed the following security\nproblems:\n\nCVE-2011-3848\n Resist directory traversal attacks through indirections.\n\n In various versions of Puppet it was possible to cause a directory\n traversal attack through the SSLFile indirection base class. This was\n variously triggered through the user-supplied key, or the Subject of\n the certificate, in the code.\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 2.7.1-1~bpo60+2.\n\nmicah\n\n-- \n\nAttachment:\npgpEZJw86rwIp.pgp\nDescription: PGP signature\n", "cvss3": {}, "published": "2011-09-30T15:12:16", "type": "debian", "title": "[BSA-050] Security Update for puppet", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2011-09-30T15:12:16", "id": "DEBIAN:BSA-050:58D2F", "href": "https://lists.debian.org/debian-backports-announce/2011/10/msg00000.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T00:00:19", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2453-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nApril 16, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gajim\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2012-2093 CVE-2012-2086 CVE-2012-2085\nDebian bug : 668038\n\nSeveral vulnerabilities have been discovered in gajim, a feature-rich\njabber client. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2012-1987\n\n gajim is not properly sanitizing input before passing it to shell\n commands. An attacker can use this flaw to execute arbitrary code\n on behalf of the victim if the user e.g. clicks on a specially crafted\n URL in an instant message.\n\nCVE-2012-2093\n\n gajim is using predictable temporary files in an insecure manner when\n converting instant messages containing LaTeX to images. A local\n attacker can use this flaw to conduct symlink attacks and overwrite\n files the victim has write access to.\n\nCVE-2012-2086\n\n gajim is not properly sanitizing input when logging conversations\n which results in the possibility to conduct SQL injection attacks.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.13.4-3+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.15-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.15-1.\n\nWe recommend that you upgrade your gajim packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-04-16T05:23:39", "type": "debian", "title": "[SECURITY] [DSA 2453-1] gajim security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1987", "CVE-2012-2085", "CVE-2012-2086", "CVE-2012-2093"], "modified": "2012-04-16T05:23:39", "id": "DEBIAN:DSA-2453-1:EF8FE", "href": "https://lists.debian.org/debian-security-announce/2012/msg00083.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:08:52", "description": "\nMultiple security issues have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\n* [CVE-2011-3848](https://security-tracker.debian.org/tracker/CVE-2011-3848)\nKristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509 Certificate Signing\n Request at any location on disk, with the privileges of the Puppet\n Master application.\n* [CVE-2011-3870](https://security-tracker.debian.org/tracker/CVE-2011-3870)\nRicky Zhou discovered a potential local privilege escalation in the\n ssh\\_authorized\\_keys resource and theoretically in the Solaris and\n AIX providers, where file ownership was given away before it was\n written, leading to a possibility for a user to overwrite arbitrary\n files as root, if their authorized\\_keys file was managed.\n* [CVE-2011-3869](https://security-tracker.debian.org/tracker/CVE-2011-3869)\nA predictable file name in the k5login type leads to the possibility\n of symlink attacks which would allow the owner of the home directory\n to symlink to anything on the system, and have it replaced with the\n correct content of the file, which can lead to a privilege escalation\n on puppet runs.\n* [CVE-2011-3871](https://security-tracker.debian.org/tracker/CVE-2011-3871)\nA potential local privilege escalation was found in the --edit mode\n of puppet resource due to a persistent, predictable file name,\n which can result in editing an arbitrary target file, and thus be\n be tricked into running that arbitrary file as the invoking\n user. This command is most commonly run as root, this leads to a\n potential privilege escalation.\n\n\nAdditionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.\n\n\nFor the oldstable distribution (lenny), this problem will be fixed soon.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.3-3.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.\n\n\nWe recommend that you upgrade your puppet packages.\n\n\n", "cvss3": {}, "published": "2011-10-03T00:00:00", "type": "osv", "title": "puppet - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848", "CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2022-08-10T07:08:46", "id": "OSV:DSA-2314-1", "href": "https://osv.dev/vulnerability/DSA-2314-1", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-07-21T08:30:52", "description": "\nSeveral vulnerabilities have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\n\n* [CVE-2012-1906](https://security-tracker.debian.org/tracker/CVE-2012-1906)\nPuppet is using predictable temporary file names when downloading\n Mac OS X package files. This allows a local attacker to either\n overwrite arbitrary files on the system or to install an arbitrary\n package.\n* [CVE-2012-1986](https://security-tracker.debian.org/tracker/CVE-2012-1986)\nWhen handling requests for a file from a remote filebucket, Puppet\n can be tricked into overwriting its defined location for filebucket\n storage. This allows an authorized attacker with access to the Puppet\n master to read arbitrary files.\n* [CVE-2012-1987](https://security-tracker.debian.org/tracker/CVE-2012-1987)\nPuppet is incorrectly handling filebucket store requests. This allows\n an attacker to perform denial of service attacks against Puppet by\n resource exhaustion.\n* [CVE-2012-1988](https://security-tracker.debian.org/tracker/CVE-2012-1988)\nPuppet is incorrectly handling filebucket requests. This allows an\n attacker with access to the certificate on the agent and an unprivileged\n account on Puppet master to execute arbitrary code via crafted file\n path names and making a filebucket request.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.13-1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.13-1.\n\n\nWe recommend that you upgrade your puppet packages.\n\n\n", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "osv", "title": "puppet - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"], "modified": "2022-07-21T05:47:40", "id": "OSV:DSA-2451-1", "href": "https://osv.dev/vulnerability/DSA-2451-1", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:06:00", "description": "\nTwo vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.\n\n\n* [CVE-2012-1053](https://security-tracker.debian.org/tracker/CVE-2012-1053)\nPuppet runs execs with an unintended group privileges,\n potentially leading to privilege escalation.\n* [CVE-2012-1054](https://security-tracker.debian.org/tracker/CVE-2012-1054)\nThe k5login type writes to untrusted locations,\n enabling local users to escalate their privileges\n if the k5login type is used.\n\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.\n\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.\n\n\nWe recommend that you upgrade your puppet packages.\n\n\n", "cvss3": {}, "published": "2012-02-27T00:00:00", "type": "osv", "title": "puppet - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2022-08-10T07:05:57", "id": "OSV:DSA-2419-1", "href": "https://osv.dev/vulnerability/DSA-2419-1", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:08:55", "description": "\nIt was discovered that Puppet, a centralized configuration management\nsolution, misgenerated certificates if the certdnsnames option was\nused. This could lead to man in the middle attacks. More details are\navailable on the [Puppet web site](http://puppetlabs.com/security/cve/cve-2011-3872/).\n\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.24.5-3+lenny2.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze3.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.6-1.\n\n\nWe recommend that you upgrade your puppet packages.\n\n\n", "cvss3": {}, "published": "2011-11-22T00:00:00", "type": "osv", "title": "puppet - programming error", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872"], "modified": "2022-08-10T07:08:49", "id": "OSV:DSA-2352-1", "href": "https://osv.dev/vulnerability/DSA-2352-1", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-21T08:30:51", "description": "\nSeveral vulnerabilities have been discovered in Gajim, a feature-rich\nJabber client. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\n\n* [CVE-2012-1987](https://security-tracker.debian.org/tracker/CVE-2012-1987)\nGajim is not properly sanitizing input before passing it to shell\n commands. An attacker can use this flaw to execute arbitrary code\n on behalf of the victim if the user e.g. clicks on a specially crafted\n URL in an instant message.\n* [CVE-2012-2093](https://security-tracker.debian.org/tracker/CVE-2012-2093)\nGajim is using predictable temporary files in an insecure manner when\n converting instant messages containing LaTeX to images. A local\n attacker can use this flaw to conduct symlink attacks and overwrite\n files the victim has write access to.\n* [CVE-2012-2086](https://security-tracker.debian.org/tracker/CVE-2012-2086)\nGajim is not properly sanitizing input when logging conversations\n which results in the possibility to conduct SQL injection attacks.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.13.4-3+squeeze3.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.15-1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.15-1.\n\n\nWe recommend that you upgrade your gajim packages.\n\n\n", "cvss3": {}, "published": "2012-04-16T00:00:00", "type": "osv", "title": "gajim - several", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1987", "CVE-2012-2085", "CVE-2012-2086", "CVE-2012-2093"], "modified": "2022-07-21T05:47:41", "id": "OSV:DSA-2453-1", "href": "https://osv.dev/vulnerability/DSA-2453-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:30:52", "description": "\nSeveral vulnerabilities have been discovered in Gajim, a feature-rich\nJabber client. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\n\n* [CVE-2012-1987](https://security-tracker.debian.org/tracker/CVE-2012-1987)\nGajim is not properly sanitizing input before passing it to shell\n commands. An attacker can use this flaw to execute arbitrary code\n on behalf of the victim if the user e.g. clicks on a specially crafted\n URL in an instant message.\n* [CVE-2012-2093](https://security-tracker.debian.org/tracker/CVE-2012-2093)\nGajim is using predictable temporary files in an insecure manner when\n converting instant messages containing LaTeX to images. A local\n attacker can use this flaw to conduct symlink attacks and overwrite\n files the victim has write access to.\n* [CVE-2012-2086](https://security-tracker.debian.org/tracker/CVE-2012-2086)\nGajim is not properly sanitizing input when logging conversations\n which results in the possibility to conduct SQL injection attacks.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.13.4-3+squeeze3.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.15-1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.15-1.\n\n\nWe recommend that you upgrade your gajim packages.\n\n\n", "cvss3": {}, "published": "2012-04-16T00:00:00", "type": "osv", "title": "gajim - regression", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1987", "CVE-2012-2085", "CVE-2012-2086", "CVE-2012-2093"], "modified": "2022-07-21T05:47:41", "id": "OSV:DSA-2453-2", "href": "https://osv.dev/vulnerability/DSA-2453-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-07-25T19:34:43", "description": "**Issue Overview:**\n\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.\n\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.\n\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.\n\n \n**Affected Packages:** \n\n\npuppet\n\n \n**Issue Correction:** \nRun _yum update puppet_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 puppet-2.6.6-3.2.amzn1.i686 \n \u00a0\u00a0\u00a0 puppet-server-2.6.6-3.2.amzn1.i686 \n \u00a0\u00a0\u00a0 puppet-debuginfo-2.6.6-3.2.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 puppet-2.6.6-3.2.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 puppet-debuginfo-2.6.6-3.2.amzn1.x86_64 \n \u00a0\u00a0\u00a0 puppet-2.6.6-3.2.amzn1.x86_64 \n \u00a0\u00a0\u00a0 puppet-server-2.6.6-3.2.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {}, "published": "2011-10-31T18:22:00", "type": "amazon", "title": "Medium: puppet", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3869", "CVE-2011-3870", "CVE-2011-3871"], "modified": "2014-09-14T14:31:00", "id": "ALAS-2011-011", "href": "https://alas.aws.amazon.com/ALAS-2011-11.html", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-07-25T19:33:51", "description": "**Issue Overview:**\n\nPuppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.\n\nThe change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. \n\n \n**Affected Packages:** \n\n\npuppet\n\n \n**Issue Correction:** \nRun _yum update puppet_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 puppet-server-2.6.14-1.5.amzn1.i686 \n \u00a0\u00a0\u00a0 puppet-2.6.14-1.5.amzn1.i686 \n \u00a0\u00a0\u00a0 puppet-debuginfo-2.6.14-1.5.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 puppet-2.6.14-1.5.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 puppet-server-2.6.14-1.5.amzn1.x86_64 \n \u00a0\u00a0\u00a0 puppet-2.6.14-1.5.amzn1.x86_64 \n \u00a0\u00a0\u00a0 puppet-debuginfo-2.6.14-1.5.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {}, "published": "2012-03-15T19:11:00", "type": "amazon", "title": "Medium: puppet", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2014-09-14T15:40:00", "id": "ALAS-2012-053", "href": "https://alas.aws.amazon.com/ALAS-2012-53.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-25T19:33:39", "description": "**Issue Overview:**\n\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. \n\n \n**Affected Packages:** \n\n\npuppet\n\n \n**Issue Correction:** \nRun _yum update puppet_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 puppet-debuginfo-2.6.16-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 puppet-2.6.16-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 puppet-server-2.6.16-1.6.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 puppet-2.6.16-1.6.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 puppet-debuginfo-2.6.16-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 puppet-2.6.16-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 puppet-server-2.6.16-1.6.amzn1.x86_64 \n \n \n", "edition": 2, "published": "2012-05-08T23:13:00", "type": "amazon", "title": "Medium: puppet", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1986"], "modified": "2014-09-14T16:09:00", "id": "ALAS-2012-075", "href": "https://alas.aws.amazon.com/ALAS-2012-75.html", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2022-01-04T13:10:29", "description": "USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on \nUbuntu 10.04 LTS that caused permission denied errors when managing SSH \nauthorized_keys files with Puppet. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that Puppet unsafely opened files when the k5login type \nis used to manage files. A local attacker could exploit this to overwrite \narbitrary files which could be used to escalate privileges. (CVE-2011-3869)\n\nRicky Zhou discovered that Puppet did not drop privileges when creating \nSSH authorized_keys files. A local attacker could exploit this to overwrite \narbitrary files as root. (CVE-2011-3870)\n\nIt was discovered that Puppet used a predictable filename when using the \n\\--edit resource. A local attacker could exploit this to edit arbitrary \nfiles or run arbitrary code as the user invoking the program, typically \nroot. (CVE-2011-3871)\n", "cvss3": {}, "published": "2011-10-05T00:00:00", "type": "ubuntu", "title": "Puppet regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3869"], "modified": "2011-10-05T00:00:00", "id": "USN-1223-2", "href": "https://ubuntu.com/security/notices/USN-1223-2", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-01-04T13:10:34", "description": "It was discovered that Puppet unsafely opened files when the k5login type \nis used to manage files. A local attacker could exploit this to overwrite \narbitrary files which could be used to escalate privileges. (CVE-2011-3869)\n\nRicky Zhou discovered that Puppet did not drop privileges when creating \nSSH authorized_keys files. A local attacker could exploit this to overwrite \narbitrary files as root. (CVE-2011-3870)\n\nIt was discovered that Puppet used a predictable filename when using the \n\\--edit resource. A local attacker could exploit this to edit arbitrary \nfiles or run arbitrary code as the user invoking the program, typically \nroot. (CVE-2011-3871)\n", "cvss3": {}, "published": "2011-09-30T00:00:00", "type": "ubuntu", "title": "Puppet vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3870", "CVE-2011-3871", "CVE-2011-3869"], "modified": "2011-09-30T00:00:00", "id": "USN-1223-1", "href": "https://ubuntu.com/security/notices/USN-1223-1", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-01-04T13:06:21", "description": "It was discovered that Puppet used a predictable filename when downloading Mac \nOS X package files. A local attacker could exploit this to overwrite arbitrary \nfiles. (CVE-2012-1906)\n\nIt was discovered that Puppet incorrectly handled filebucket retrieval \nrequests. A local attacker could exploit this to read arbitrary files. \n(CVE-2012-1986)\n\nIt was discovered that Puppet incorrectly handled filebucket store requests. A \nlocal attacker could exploit this to perform a denial of service via resource \nexhaustion. (CVE-2012-1987)\n\nIt was discovered that Puppet incorrectly handled filebucket requests. A local \nattacker could exploit this to execute arbitrary code via a crafted file path. \n(CVE-2012-1988)\n\nIt was discovered that Puppet used a predictable filename for the Telnet \nconnection log file. A local attacker could exploit this to overwrite arbitrary \nfiles. This issue only affected Ubuntu 11.10. (CVE-2012-1989)\n", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "ubuntu", "title": "Puppet vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1987", "CVE-2012-1986", "CVE-2012-1906", "CVE-2012-1989", "CVE-2012-1988"], "modified": "2012-04-11T00:00:00", "id": "USN-1419-1", "href": "https://ubuntu.com/security/notices/USN-1419-1", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T13:07:18", "description": "It was discovered that Puppet did not drop privileges when executing \ncommands as different users. If an attacker had control of the execution \nmanifests or the executed command, this could be used to execute code with \nelevated group permissions (typically root). (CVE-2012-1053)\n\nIt was discovered that Puppet unsafely opened files when the k5login type \nis used to manage files. A local attacker could exploit this to overwrite \narbitrary files and escalate privileges. (CVE-2012-1054)\n", "cvss3": {}, "published": "2012-02-23T00:00:00", "type": "ubuntu", "title": "Puppet vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-02-23T00:00:00", "id": "USN-1372-1", "href": "https://ubuntu.com/security/notices/USN-1372-1", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-25T23:47:24", "description": "It was discovered that Puppet incorrectly handled the non-default \n\"certdnsnames\" option when generating certificates. If this setting was \nadded to puppet.conf, the puppet primary server\u2019s DNS alt names were added \nto the X.509 Subject Alternative Name field of all certificates, not just \nthe puppet primary server\u2019s certificate. An attacker that has an incorrect \nagent certificate in his possession can use it to impersonate the puppet \nprimary server in a machine-in-the-middle attack.\n", "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "ubuntu", "title": "Puppet vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872"], "modified": "2011-10-24T00:00:00", "id": "USN-1238-1", "href": "https://ubuntu.com/security/notices/USN-1238-1", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-04T13:10:40", "description": "Kristian Erik Hermansen discovered a directory traversal vulnerability in \nthe SSLFile indirection base class. A remote attacker could exploit this to \noverwrite files with the privileges of the Puppet Master.\n", "cvss3": {}, "published": "2011-09-29T00:00:00", "type": "ubuntu", "title": "Puppet vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2011-09-29T00:00:00", "id": "USN-1217-1", "href": "https://ubuntu.com/security/notices/USN-1217-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:10:31", "description": "Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "cve", "title": "CVE-2012-1987", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1986", "CVE-2012-1987"], "modified": "2019-07-11T15:09:00", "cpe": ["cpe:/a:puppet:puppet_enterprise:2.0.1", "cpe:/a:puppet:puppet:2.7.9", "cpe:/a:puppet:puppet_enterprise:1.2.1", "cpe:/a:puppet:puppet_enterprise:1.2.2", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.7.10", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:2.7.5", "cpe:/a:puppet:puppet_enterprise:1.2.4", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.7.7", "cpe:/a:puppet:puppet_enterprise:2.0.2", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet_enterprise:1.2.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.0", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet:2.7.11", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.7.2", "cpe:/a:puppet:puppet:2.7.8", "cpe:/a:puppet:puppet:2.7.6", "cpe:/a:puppet:puppet_enterprise:2.5.0", "cpe:/a:puppet:puppet_enterprise:1.2.3", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet:2.6.14", "cpe:/a:puppet:puppet_enterprise:2.0.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.1", "cpe:/a:puppet:puppet:2.6.11", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppet:puppet:2.6.12", "cpe:/a:puppet:puppet:2.6.13"], "id": "CVE-2012-1987", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1987", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:10:32", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "cve", "title": "CVE-2012-1988", "cwe": ["CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1988"], "modified": "2019-07-11T15:09:00", "cpe": ["cpe:/a:puppet:puppet_enterprise:2.0.1", "cpe:/a:puppet:puppet:2.7.9", "cpe:/a:puppet:puppet_enterprise:1.2.2", "cpe:/a:puppet:puppet_enterprise:1.2.1", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.7.10", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:2.7.5", "cpe:/a:puppet:puppet_enterprise:1.2.4", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.7.7", "cpe:/a:puppet:puppet_enterprise:2.0.2", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet_enterprise:1.2.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.0", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet:2.7.11", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet_enterprise:2.5.0", "cpe:/a:puppet:puppet:2.7.8", "cpe:/a:puppet:puppet:2.7.6", "cpe:/a:puppet:puppet:2.7.2", "cpe:/a:puppet:puppet_enterprise:1.2.3", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet:2.6.14", "cpe:/a:puppet:puppet_enterprise:2.0.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.1", "cpe:/a:puppet:puppet:2.6.11", "cpe:/a:puppet:puppet:2.6.12", "cpe:/a:puppet:puppet:2.6.13"], "id": "CVE-2012-1988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1988", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:10:30", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "cve", "title": "CVE-2012-1986", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1986"], "modified": "2019-07-11T15:09:00", "cpe": ["cpe:/a:puppet:puppet_enterprise:2.0.1", "cpe:/a:puppet:puppet:2.7.9", "cpe:/a:puppet:puppet_enterprise:1.2.1", "cpe:/a:puppet:puppet_enterprise:1.2.2", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.7.10", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:2.7.5", "cpe:/a:puppet:puppet_enterprise:1.2.4", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.7.7", "cpe:/a:puppet:puppet_enterprise:2.0.2", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet_enterprise:1.2.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.0", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet:2.7.11", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.7.2", "cpe:/a:puppet:puppet:2.7.8", "cpe:/a:puppet:puppet:2.7.6", "cpe:/a:puppet:puppet_enterprise:2.5.0", "cpe:/a:puppet:puppet_enterprise:1.2.3", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet:2.6.14", "cpe:/a:puppet:puppet_enterprise:2.0.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.1", "cpe:/a:puppet:puppet:2.6.11", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppet:puppet:2.6.12", "cpe:/a:puppet:puppet:2.6.13"], "id": "CVE-2012-1986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1986", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:34:08", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "cve", "title": "CVE-2011-3869", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3869"], "modified": "2019-07-10T14:13:00", "cpe": ["cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet:0.25.3", "cpe:/a:puppet:puppet:0.25.4", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet:0.25.0", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet:0.25.2", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:0.25.5", "cpe:/a:puppet:puppet:0.25.6", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppet:puppet:0.25.1", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.7.2"], "id": "CVE-2011-3869", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3869", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}, "cpe23": ["cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:34:09", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "cve", "title": "CVE-2011-3871", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3871"], "modified": "2019-07-10T14:13:00", "cpe": ["cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet:0.25.4", "cpe:/a:puppet:puppet:0.25.3", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet:0.25.0", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet:0.25.2", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:0.25.5", "cpe:/a:puppet:puppet:0.25.6", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppet:puppet:0.25.1", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.7.2"], "id": "CVE-2011-3871", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3871", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:34:07", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "cve", "title": "CVE-2011-3870", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3870"], "modified": "2019-07-10T14:13:00", "cpe": ["cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet:0.25.3", "cpe:/a:puppet:puppet:0.25.4", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet:0.25.0", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet:0.25.2", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:0.25.5", "cpe:/a:puppet:puppet:0.25.6", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppet:puppet:0.25.1", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.7.2"], "id": "CVE-2011-3870", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3870", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}, "cpe23": ["cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:0.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:54:04", "description": "Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "cve", "title": "CVE-2012-1054", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1054"], "modified": "2019-07-11T15:09:00", "cpe": ["cpe:/a:puppet:puppet_enterprise:2.0.1", "cpe:/a:puppet:puppet:2.7.9", "cpe:/a:puppet:puppet_enterprise:1.2.1", "cpe:/a:puppet:puppet_enterprise:1.2.2", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.7.10", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:2.7.5", "cpe:/a:puppet:puppet_enterprise:1.2.4", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.7.7", "cpe:/a:puppet:puppet_enterprise:2.0.2", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet_enterprise:1.2.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.0", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.7.2", "cpe:/a:puppet:puppet:2.7.8", "cpe:/a:puppet:puppet:2.7.6", "cpe:/a:puppet:puppet_enterprise:1.2.3", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet_enterprise:2.0.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.1", "cpe:/a:puppet:puppet:2.6.11", "cpe:/a:puppet:puppet:2.6.12", "cpe:/a:puppet:puppet:2.6.13"], "id": "CVE-2012-1054", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1054", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:34:10", "description": "Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka \"AltNames Vulnerability.\"", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "cve", "title": "CVE-2011-3872", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872"], "modified": "2019-07-11T15:09:00", "cpe": ["cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.11", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet_enterprise:1.2.1", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet_enterprise:1.2.2", "cpe:/a:puppetlabs:puppet_enterprise_users:1.0", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.7.5", "cpe:/a:puppet:puppet_enterprise:1.2.0", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppetlabs:puppet_enterprise_users:1.1", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.7.2", "cpe:/a:puppet:puppet_enterprise:1.2.3"], "id": "CVE-2011-3872", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3872", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:54:03", "description": "The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "cve", "title": "CVE-2012-1053", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053"], "modified": "2019-07-11T15:09:00", "cpe": ["cpe:/a:puppet:puppet_enterprise:2.0.1", "cpe:/a:puppet:puppet:2.7.9", "cpe:/a:puppet:puppet_enterprise:1.2.1", "cpe:/a:puppet:puppet_enterprise:1.2.2", "cpe:/a:puppet:puppet:2.6.0", "cpe:/a:puppet:puppet:2.7.10", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:2.7.5", "cpe:/a:puppet:puppet_enterprise:1.2.4", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.7.7", "cpe:/a:puppet:puppet_enterprise:2.0.2", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet_enterprise:1.2.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.0", "cpe:/a:puppet:puppet:2.7.4", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.7.2", "cpe:/a:puppet:puppet:2.7.8", "cpe:/a:puppet:puppet:2.7.6", "cpe:/a:puppet:puppet_enterprise:1.2.3", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.10", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet_enterprise:2.0.0", "cpe:/a:puppetlabs:puppet_enterprise_users:1.1", "cpe:/a:puppet:puppet:2.6.11", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppet:puppet:2.6.12", "cpe:/a:puppet:puppet:2.6.13"], "id": "CVE-2012-1053", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1053", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:33:45", "description": "Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "cve", "title": "CVE-2011-3848", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2019-07-10T14:13:00", "cpe": ["cpe:/a:puppet:puppet:2.6.4", "cpe:/a:puppet:puppet:2.6.1", "cpe:/a:puppet:puppet:2.6.6", "cpe:/a:puppet:puppet:2.6.9", "cpe:/a:puppet:puppet:2.6.5", "cpe:/a:puppet:puppet:2.7.3", "cpe:/a:puppet:puppet:2.6.2", "cpe:/a:puppetlabs:puppet:2.7.1", "cpe:/a:puppet:puppet:2.6.7", "cpe:/a:puppet:puppet:2.7.2", "cpe:/a:puppet:puppet:2.6.3", "cpe:/a:puppet:puppet:2.6.8", "cpe:/a:puppetlabs:puppet:2.7.0", "cpe:/a:puppet:puppet:2.6.0"], "id": "CVE-2011-3848", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3848", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T14:30:28", "description": "Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before\n2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x\nbefore 2.5.1 allows remote authenticated users with agent SSL keys to (1)\ncause a denial of service (memory consumption) via a REST request to a\nstream that triggers a thread block, as demonstrated using CVE-2012-1986\nand /dev/random; or (2) cause a denial of service (filesystem consumption)\nvia crafted REST requests that use \"a marshaled form of a\nPuppet::FileBucket::File object\" to write to arbitrary file locations.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/978708>\n", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1987", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1986", "CVE-2012-1987"], "modified": "2012-04-11T00:00:00", "id": "UB:CVE-2012-1987", "href": "https://ubuntu.com/security/CVE-2012-1987", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:30:28", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise\n(PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote\nauthenticated users with agent SSL keys and file-creation permissions on\nthe puppet master to execute arbitrary commands by creating a file whose\nfull pathname contains shell metacharacters, then performing a filebucket\nrequest.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/978708>\n", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1988", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1988"], "modified": "2012-04-11T00:00:00", "id": "UB:CVE-2012-1988", "href": "https://ubuntu.com/security/CVE-2012-1988", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:30:28", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise\n(PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote\nauthenticated users with an authorized SSL key and certain permissions on\nthe puppet master to read arbitrary files via a symlink attack in\nconjunction with a crafted REST request for a file in a filebucket.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/978708>\n", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1986", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1986"], "modified": "2012-04-11T00:00:00", "id": "UB:CVE-2012-1986", "href": "https://ubuntu.com/security/CVE-2012-1986", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:32:21", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local\nusers to overwrite arbitrary files via a symlink attack on the .k5login\nfile.", "cvss3": {}, "published": "2011-10-01T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3869", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3869"], "modified": "2011-10-01T00:00:00", "id": "UB:CVE-2011-3869", "href": "https://ubuntu.com/security/CVE-2011-3869", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-08-04T14:32:21", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local\nusers to modify the permissions of arbitrary files via a symlink attack on\nthe SSH authorized_keys file.", "cvss3": {}, "published": "2011-10-01T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3870", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3870"], "modified": "2011-10-01T00:00:00", "id": "UB:CVE-2011-3870", "href": "https://ubuntu.com/security/CVE-2011-3870", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-08-04T14:32:20", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in\n--edit mode, uses a predictable file name, which allows local users to run\narbitrary Puppet code or trick a user into editing arbitrary files.", "cvss3": {}, "published": "2011-10-01T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3871", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3871"], "modified": "2011-10-01T00:00:00", "id": "UB:CVE-2011-3871", "href": "https://ubuntu.com/security/CVE-2011-3871", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:30:53", "description": "Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise\n(PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login\nfile with the k5login resource type, allows local users to gain privileges\nvia a symlink attack on .k5login.", "cvss3": {}, "published": "2012-02-23T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1054", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1054"], "modified": "2012-02-23T00:00:00", "id": "UB:CVE-2012-1054", "href": "https://ubuntu.com/security/CVE-2012-1054", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:32:02", "description": "Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise\n(PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent\ncertificate, adds the Puppet master's certdnsnames values to the X.509\nSubject Alternative Name field of the certificate, which allows remote\nattackers to spoof a Puppet master via a man-in-the-middle (MITM) attack\nagainst an agent that uses an alternate DNS name for the master, aka\n\"AltNames Vulnerability.\"", "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3872", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872"], "modified": "2011-10-24T00:00:00", "id": "UB:CVE-2011-3872", "href": "https://ubuntu.com/security/CVE-2011-3872", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:30:54", "description": "The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb)\nin Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet\nEnterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly\nmanage group privileges, which allows local users to gain privileges via\nvectors related to (1) the change_user not dropping supplementary groups in\ncertain conditions, (2) changes to the eguid without associated changes to\nthe egid, or (3) the addition of the real gid to supplementary groups.", "cvss3": {}, "published": "2012-02-23T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1053", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053"], "modified": "2012-02-23T00:00:00", "id": "UB:CVE-2012-1053", "href": "https://ubuntu.com/security/CVE-2012-1053", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:32:23", "description": "Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x\nbefore 2.7.4 allows remote attackers to write X.509 Certificate Signing\nRequest (CSR) to arbitrary locations via (1) a double-encoded key parameter\nin the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/861182>\n", "cvss3": {}, "published": "2011-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3848", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2011-09-28T00:00:00", "id": "UB:CVE-2011-3848", "href": "https://ubuntu.com/security/CVE-2011-3848", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:44", "description": "Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "debiancve", "title": "CVE-2012-1987", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1986", "CVE-2012-1987"], "modified": "2012-05-29T20:55:00", "id": "DEBIANCVE:CVE-2012-1987", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1987", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:44", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "debiancve", "title": "CVE-2012-1988", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1988"], "modified": "2012-05-29T20:55:00", "id": "DEBIANCVE:CVE-2012-1988", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1988", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T06:01:44", "description": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "debiancve", "title": "CVE-2012-1986", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1986"], "modified": "2012-05-29T20:55:00", "id": "DEBIANCVE:CVE-2012-1986", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1986", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-07-04T06:01:44", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "debiancve", "title": "CVE-2011-3869", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3869"], "modified": "2011-10-27T20:55:00", "id": "DEBIANCVE:CVE-2011-3869", "href": "https://security-tracker.debian.org/tracker/CVE-2011-3869", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-07-04T06:01:44", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "debiancve", "title": "CVE-2011-3871", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3871"], "modified": "2011-10-27T20:55:00", "id": "DEBIANCVE:CVE-2011-3871", "href": "https://security-tracker.debian.org/tracker/CVE-2011-3871", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T06:01:44", "description": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "debiancve", "title": "CVE-2011-3870", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3870"], "modified": "2011-10-27T20:55:00", "id": "DEBIANCVE:CVE-2011-3870", "href": "https://security-tracker.debian.org/tracker/CVE-2011-3870", "cvss": {"score": 6.3, "vector": "AV:L/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2022-07-04T06:01:44", "description": "Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "debiancve", "title": "CVE-2012-1054", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1054"], "modified": "2012-05-29T20:55:00", "id": "DEBIANCVE:CVE-2012-1054", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1054", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T06:01:44", "description": "Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka \"AltNames Vulnerability.\"", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "debiancve", "title": "CVE-2011-3872", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3872"], "modified": "2011-10-27T20:55:00", "id": "DEBIANCVE:CVE-2011-3872", "href": "https://security-tracker.debian.org/tracker/CVE-2011-3872", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-04T06:01:44", "description": "The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.", "cvss3": {}, "published": "2012-05-29T20:55:00", "type": "debiancve", "title": "CVE-2012-1053", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1053"], "modified": "2012-05-29T20:55:00", "id": "DEBIANCVE:CVE-2012-1053", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1053", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T06:01:44", "description": "Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.", "cvss3": {}, "published": "2011-10-27T20:55:00", "type": "debiancve", "title": "CVE-2011-3848", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3848"], "modified": "2011-10-27T20:55:00", "id": "DEBIANCVE:CVE-2011-3848", "href": "https://security-tracker.debian.org/tracker/CVE-2011-3848", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:49", "description": "\n\n\nMultiple vulnerabilities exist in puppet that can result in\n\t arbitrary code execution, arbitrary file read access, denial of\n\t service, and arbitrary file write access. Please review the\n\t details in each of the CVEs for additional information.\n\n\n", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "freebsd", "title": "puppet -- Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"], "modified": "2012-03-26T00:00:00", "id": "607D2108-A0E4-423A-BF78-846F2A8F01B0", "href": "https://vuxml.freebsd.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:36:29", "description": "This update of puppet fixes two vulnerabilities that could\n potentially be exploited by local attackers to escalate\n privileges due to improper privilege dropping and file\n handling issues (symlink flaws) in puppet (CVE-2012-1053,\n CVE-2012-1054).\n", "cvss3": {}, "published": "2012-03-06T22:08:33", "type": "suse", "title": "Security update for puppet (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1053", "CVE-2012-1054"], "modified": "2012-03-06T22:08:33", "id": "SUSE-SU-2012:0325-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}