EUVD-2014-3264

Malware in sbrugna...

Puppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities

According to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 2.8.x or 3.2.x. It is, therefore, affected by multiple vulnerabilities : - An error exists in the 'dossl3write' function that permits a NULL pointer to be dereferenced, which...

CVE-2014-3251

The MCollective aessecurity plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to...

CVE-2014-3251

CVE-2014-3251 affects the MCollective aes_security plugin used with Puppet Enterprise before 3.3.0 and MCollective before 2.5.3. The issue is improper validation of new server certificates based on the CA certificate, allowing a local attacker to establish unauthorized MCollective connections via...

FreeBSD : mcollective -- cert valication issue (ecea9e92-0be5-4931-88da-8772d044972a)

Melissa Stone reports : The MCollective aessecurity public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, a...