2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
70.4%
It was discovered that Puppet, a centralized configuration management
solution, misgenerated certificates if the certdnsnames option was
used. This could lead to man in the middle attacks. More details are
available on the Puppet web site.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.24.5-3+lenny2.
For the stable distribution (squeeze), this problem has been fixed in
version 2.6.2-5+squeeze3.
For the unstable distribution (sid), this problem has been fixed in
version 2.7.6-1.
We recommend that you upgrade your puppet packages.