SUSE CVE-2011-3848

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...

openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)

Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks CVE-2011-3872. Note: If you've set the 'certdnsnames' option in your master's puppet.conf file...

openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)

A directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations CVE-2011-3848 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)

Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks CVE-2011-3872. Note: If you've set the 'certdnsnames' option in your master's puppet.conf file...

openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)

A directory traversal vulnerability in puppet allowed unauthenticated remote attackers to upload x.509 certificate signing requests to arbitrary locations CVE-2011-3848 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

Fedora Update for puppet FEDORA-2012-6055

Check for the Version of puppet OpenVAS Vulnerability Test Fedora Update for puppet FEDORA-2012-6055 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

SuSE 11.1 Security Update : puppet (SAT Patch Number 5421)

The following security issues have been fixed : - Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks. CVE-2011-3872 Note: If you've set the...

Fedora Update for puppet FEDORA-2011-14994

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2011-3848

CVE-2011-3848: A directory traversal in Puppet allows writing X.509 certificate signing requests to arbitrary locations. Affected: Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4. Exploitation methods in the connected docs include (1) a double-encoded key parameter in the URI (2.7.x) and (2) th...

Fedora Update for puppet FEDORA-2011-13633

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for puppet FEDORA-2011-13636

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Debian Security Advisory DSA 2314-1 (puppet)

The remote host is missing an update to puppet announced via advisory DSA 2314-1. OpenVAS Vulnerability Test $Id: deb23141.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2314-1 puppet Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

Debian: Security Advisory (DSA-2314-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[BSA-051] Security update for puppet

Micah Anderson uploaded new packages for puppet which fixed the following security problems: CVE-2011-3848=20 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X.509 Certificate Signing Request at any location on disk, with the privileges of the...

[BSA-050] Security Update for puppet

Ive uploaded new packages for puppet which fixed the following security problems: CVE-2011-3848 Resist directory traversal attacks through indirections. In various versions of Puppet it was possible to cause a directory traversal attack through the SSLFile indirection base class. This was various...