openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)

Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks CVE-2011-3872. Note: If you've set the 'certdnsnames' option in your master's puppet.conf file...

openSUSE Security Update : puppet (openSUSE-SU-2011:1288-1)

Puppet's certificate authority issued Puppet agent certificates capable of impersonating the Puppet master. Compromised or rogue puppet agents could therefore use their certificates for MITM attacks CVE-2011-3872. Note: If you've set the 'certdnsnames' option in your master's puppet.conf file...

Fedora Update for puppet FEDORA-2012-6055

Check for the Version of puppet OpenVAS Vulnerability Test Fedora Update for puppet FEDORA-2012-6055 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Fedora Update for puppet FEDORA-2011-13623

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for puppet FEDORA-2011-14994

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

CVE-2011-3871

CVE-2011-3871 is described in the connected advisory as a vulnerability in Puppet where, in --edit mode, certain Puppet versions (2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x) use a predictable file name. This allows local users to run arbitrary Puppet code or trick a user into editing arb...

Fedora Update for puppet FEDORA-2011-13633

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for puppet FEDORA-2011-13636

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Debian Security Advisory DSA 2314-1 (puppet)

The remote host is missing an update to puppet announced via advisory DSA 2314-1. OpenVAS Vulnerability Test $Id: deb23141.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2314-1 puppet Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

Debian: Security Advisory (DSA-2314-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for puppet USN-1223-2

Ubuntu Update for Linux kernel vulnerabilities USN-1223-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN12232.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for puppet USN-1223-2 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu: Security Advisory (USN-1223-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS : puppet regression (USN-1223-2)

USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorizedkeys files with Puppet. This update fixes the problem. We apologize for the inconvenience. It was discovered that Puppet unsafely opened files wh...

USN-1223-2: Puppet regression

USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorizedkeys files with Puppet. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Pupp...

Ubuntu Update for puppet USN-1223-1

Ubuntu Update for Linux kernel vulnerabilities USN-1223-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12231.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for puppet USN-1223-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu: Security Advisory (USN-1223-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[BSA-051] Security update for puppet

Micah Anderson uploaded new packages for puppet which fixed the following security problems: CVE-2011-3848=20 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X.509 Certificate Signing Request at any location on disk, with the privileges of the...

Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerabilities (USN-1223-1)

It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. CVE-2011-3869 Ricky Zhou discovered that Puppet did not drop privileges when creating SSH...

USN-1223-1: Puppet vulnerabilities

It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. CVE-2011-3869 Ricky Zhou discovered that Puppet did not drop privileges when creating SSH...