{"cve": [{"lastseen": "2021-02-02T06:36:43", "description": "Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.8}, "published": "2017-07-05T15:29:00", "title": "CVE-2017-2295", "type": "cve", "cwe": ["CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2295"], "modified": "2018-05-24T13:36:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:puppet:puppet:4.10.0"], "id": "CVE-2017-2295", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2295", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:puppet:puppet:4.10.0:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2295"], "description": "Puppet lets you 
centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "modified": "2017-06-01T05:13:28", "published": "2017-06-01T05:13:28", "id": "FEDORA:46ECF605E16E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: puppet-4.2.1-5.fc25", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2295"], "description": "Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. ", "modified": "2017-06-09T20:07:32", "published": "2017-06-09T20:07:32", "id": "FEDORA:8B0FF60A9A90", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: puppet-4.6.2-4.fc26", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:13:02", "description": "Contains fixes to ensure Puppet can start correctly and a security fix\nfor remote code execution tracked as\n[CVE-2017-2295](https://bugzilla.redhat.com/show_bug.cgi?id=1452654).\n\n - Fix remote code execution in Puppet master during fact\n uploads - Fedora#1452654\n\n - Fix SSL monkey patches error on startup - Fedora#1440710\n , Fedora#1443673\n\n - Fix xmlrpc/client require error on startup -\n Fedora#1443673\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 8.2, 
"vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : puppet (2017-b9b66117bb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:puppet", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-B9B66117BB.NASL", "href": "https://www.tenable.com/plugins/nessus/101710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b9b66117bb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101710);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-2295\");\n script_xref(name:\"FEDORA\", value:\"2017-b9b66117bb\");\n\n script_name(english:\"Fedora 26 : puppet (2017-b9b66117bb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Contains fixes to ensure Puppet can start correctly and a security fix\nfor remote code execution tracked as\n[CVE-2017-2295](https://bugzilla.redhat.com/show_bug.cgi?id=1452654).\n\n - Fix remote code execution in Puppet master during fact\n uploads - Fedora#1452654\n\n - Fix SSL monkey patches error on startup - Fedora#1440710\n , Fedora#1443673\n\n - Fix xmlrpc/client require error on startup -\n Fedora#1443673\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9b66117bb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"puppet-4.6.2-4.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:49", "description": "Security fix for CVE-2017-2295 and fix for using systemd service\nprovider in a chroot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 8.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2017-06-01T00:00:00", "title": "Fedora 25 : puppet (2017-8ad8d1bd86)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "modified": "2017-06-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:puppet"], "id": "FEDORA_2017-8AD8D1BD86.NASL", "href": "https://www.tenable.com/plugins/nessus/100564", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-8ad8d1bd86.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(100564);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-2295\");\n script_xref(name:\"FEDORA\", value:\"2017-8ad8d1bd86\");\n\n script_name(english:\"Fedora 25 : puppet (2017-8ad8d1bd86)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-2295 and fix for using systemd service\nprovider in a chroot.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8ad8d1bd86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"puppet-4.2.1-5.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:38:25", "description": "Versions of Puppet prior to 4.10.1 will deserialize data off the wire\n(from the agent to the server, in this case) with a attacker-specified\nformat. 
This could be used to force YAML deserialization in an unsafe\nmanner, which would lead to remote code execution.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.7.23-1~deb7u4, by enabling PSON serialization on clients and\nrefusing non-PSON formats on the server.\n\nWe recommend that you upgrade your puppet packages. Make sure you\nupdate all your clients before you update the server otherwise older\nclients won't be able to connect to the server.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 8.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2017-07-05T00:00:00", "title": "Debian DLA-1012-1 : puppet security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "modified": "2017-07-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puppet-common", "p-cpe:/a:debian:debian_linux:puppetmaster-common", "p-cpe:/a:debian:debian_linux:puppetmaster-passenger", "p-cpe:/a:debian:debian_linux:puppet-testsuite", "p-cpe:/a:debian:debian_linux:puppetmaster", "p-cpe:/a:debian:debian_linux:puppet-el", "p-cpe:/a:debian:debian_linux:puppet", "p-cpe:/a:debian:debian_linux:vim-puppet", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1012.NASL", "href": "https://www.tenable.com/plugins/nessus/101211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1012-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101211);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-2295\");\n\n script_name(english:\"Debian DLA-1012-1 : puppet security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Versions of Puppet prior to 4.10.1 will deserialize data off the wire\n(from the agent to the server, in this case) with a attacker-specified\nformat. This could be used to force YAML deserialization in an unsafe\nmanner, which would lead to remote code execution.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.7.23-1~deb7u4, by enabling PSON serialization on clients and\nrefusing non-PSON formats on the server.\n\nWe recommend that you upgrade your puppet packages. Make sure you\nupdate all your clients before you update the server otherwise older\nclients won't be able to connect to the server.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/puppet\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppetmaster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppetmaster-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppetmaster-passenger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vim-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"puppet\", reference:\"2.7.23-1~deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppet-common\", reference:\"2.7.23-1~deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppet-el\", reference:\"2.7.23-1~deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppet-testsuite\", reference:\"2.7.23-1~deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppetmaster\", reference:\"2.7.23-1~deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppetmaster-common\", reference:\"2.7.23-1~deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"puppetmaster-passenger\", reference:\"2.7.23-1~deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vim-puppet\", reference:\"2.7.23-1~deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T01:21:36", "description": "Unsafe YAML deserialization :\n\nVersions of Puppet prior to 4.10.1 will deserialize 
data off the wire\n(from the agent to the server, in this case) with a attacker-specified\nformat. This could be used to force YAML deserialization in an unsafe\nmanner, which would lead to remote code execution. This change\nconstrains the format of data on the wire to PSON or safely decoded\nYAML. (CVE-2017-2295 )", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2017-06-23T00:00:00", "title": "Amazon Linux AMI : puppet3 (ALAS-2017-849)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:puppet3", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:puppet3-server"], "id": "ALA_ALAS-2017-849.NASL", "href": "https://www.tenable.com/plugins/nessus/101002", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-849.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101002);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-2295\");\n script_xref(name:\"ALAS\", value:\"2017-849\");\n\n script_name(english:\"Amazon Linux AMI : puppet3 (ALAS-2017-849)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Unsafe YAML deserialization :\n\nVersions of Puppet prior to 4.10.1 will deserialize data off the wire\n(from the agent to the server, in this case) with a attacker-specified\nformat. This could be used to force YAML deserialization in an unsafe\nmanner, which would lead to remote code execution. This change\nconstrains the format of data on the wire to PSON or safely decoded\nYAML. 
(CVE-2017-2295 )\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-849.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update puppet3' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:puppet3-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"puppet3-3.7.4-1.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"puppet3-server-3.7.4-1.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet3 / puppet3-server\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:26:10", "description": "This update for puppet fixes the following issues: Security issue\nfixed :\n\n - CVE-2017-2295: Possible code execution vulnerability\n where an attacker could force YAML deserialization in an\n unsafe manner. In default, this update breaks a\n backwards compatibility with Puppet agents older than\n 3.2.2 as the SLE12 master doesn't support other fact\n formats than pson in default anymore. In order to allow\n users to continue using their SLE12 master/SLE11 agents\n setup and fix CVE-2017-2295 for the others, a new puppet\n master boolean option 'dangerous_fact_formats' was\n added. When it's set to true it enables using dangerous\n fact formats (e.g. YAML). When it's set to false, only\n PSON fact format is accepted. (bsc#1040151)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 8.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2017-08-10T00:00:00", "title": "SUSE SLED12 Security Update : puppet (SUSE-SU-2017:2113-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "modified": "2017-08-10T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:puppet"], "id": "SUSE_SU-2017-2113-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102352", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2113-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102352);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-2295\");\n\n script_name(english:\"SUSE SLED12 Security Update : puppet (SUSE-SU-2017:2113-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for puppet fixes the following issues: Security issue\nfixed :\n\n - CVE-2017-2295: Possible code execution vulnerability\n where an attacker could force YAML deserialization in an\n unsafe manner. In default, this update breaks a\n backwards compatibility with Puppet agents older than\n 3.2.2 as the SLE12 master doesn't support other fact\n formats than pson in default anymore. 
In order to allow\n users to continue using their SLE12 master/SLE11 agents\n setup and fix CVE-2017-2295 for the others, a new puppet\n master boolean option 'dangerous_fact_formats' was\n added. When it's set to true it enables using dangerous\n fact formats (e.g. YAML). When it's set to false, only\n PSON fact format is accepted. (bsc#1040151)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2295/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172113-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29e59b1e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Advanced Systems Management 12:zypper\nin -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-1310=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1310=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1310=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"puppet-3.8.5-15.3.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"puppet-3.8.5-15.3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:50:19", "description": "It was discovered that unrestricted YAML deserialisation of data sent\nfrom agents to the server in the Puppet configuration management\nsystem could result in the execution of arbitrary code.\n\nNote that this fix breaks backward compability with Puppet agents\nolder than 3.2.2 and there is no safe way to restore it. 
This affects\npuppet agents running on Debian wheezy; we recommend to update to the\npuppet version shipped in wheezy-backports.", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2017-05-26T00:00:00", "title": "Debian DSA-3862-1 : puppet - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "modified": "2017-05-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:puppet"], "id": "DEBIAN_DSA-3862.NASL", "href": "https://www.tenable.com/plugins/nessus/100432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3862. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100432);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-2295\");\n script_xref(name:\"DSA\", value:\"3862\");\n\n script_name(english:\"Debian DSA-3862-1 : puppet - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that unrestricted YAML deserialisation of data sent\nfrom agents to the server in the Puppet configuration management\nsystem could result in the execution of arbitrary code.\n\nNote that this fix breaks backward compability with Puppet agents\nolder than 3.2.2 and there is no safe way to restore it. 
This affects\npuppet agents running on Debian wheezy; we recommend to update to the\npuppet version shipped in wheezy-backports.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/puppet\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3862\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the puppet packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.7.2-4+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"puppet\", reference:\"3.7.2-4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"puppet-common\", reference:\"3.7.2-4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"puppet-el\", reference:\"3.7.2-4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"puppet-testsuite\", reference:\"3.7.2-4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"puppetmaster\", reference:\"3.7.2-4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"puppetmaster-common\", reference:\"3.7.2-4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"puppetmaster-passenger\", reference:\"3.7.2-4+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"vim-puppet\", reference:\"3.7.2-4+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:33:22", "description": "This update for rubygem-puppet fixes the following issues :\n\n - CVE-2017-2295: A remote attacker could have forced\n unsafe YAML deserialization which could have led to code\n execution (bsc#1040151)", "edition": 18, "cvss3": {"score": 8.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2017-07-26T00:00:00", "title": 
"openSUSE Security Update : rubygem-puppet (openSUSE-2017-835)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "modified": "2017-07-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.1-rubygem-puppet", "p-cpe:/a:novell:opensuse:rubygem-puppet-master", "p-cpe:/a:novell:opensuse:ruby2.1-rubygem-puppet-testsuite", "p-cpe:/a:novell:opensuse:rubygem-puppet-vim", "p-cpe:/a:novell:opensuse:ruby2.2-rubygem-puppet-testsuite", "p-cpe:/a:novell:opensuse:ruby2.4-rubygem-puppet", "p-cpe:/a:novell:opensuse:ruby2.3-rubygem-puppet-testsuite", "p-cpe:/a:novell:opensuse:ruby2.4-rubygem-puppet-testsuite", "p-cpe:/a:novell:opensuse:ruby2.3-rubygem-puppet", "p-cpe:/a:novell:opensuse:rubygem-puppet-emacs", "p-cpe:/a:novell:opensuse:ruby2.2-rubygem-puppet", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:rubygem-puppet", "p-cpe:/a:novell:opensuse:rubygem-puppet-master-unicorn"], "id": "OPENSUSE-2017-835.NASL", "href": "https://www.tenable.com/plugins/nessus/101969", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-835.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101969);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-2295\");\n\n script_name(english:\"openSUSE Security Update : rubygem-puppet (openSUSE-2017-835)\");\n script_summary(english:\"Check for the openSUSE-2017-835 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rubygem-puppet fixes the following issues :\n\n - CVE-2017-2295: A 
remote attacker could have forced\n unsafe YAML deserialization which could have led to code\n execution (bsc#1040151)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040151\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-puppet packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-puppet-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-rubygem-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-rubygem-puppet-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-rubygem-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-rubygem-puppet-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.4-rubygem-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.4-rubygem-puppet-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puppet-emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puppet-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puppet-master-unicorn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puppet-vim\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-rubygem-puppet-3.8.7-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-rubygem-puppet-testsuite-3.8.7-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"rubygem-puppet-3.8.7-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"rubygem-puppet-emacs-3.8.7-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"rubygem-puppet-master-3.8.7-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"rubygem-puppet-master-unicorn-3.8.7-17.3.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"rubygem-puppet-vim-3.8.7-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.1-rubygem-puppet-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.1-rubygem-puppet-testsuite-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.2-rubygem-puppet-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.2-rubygem-puppet-testsuite-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.3-rubygem-puppet-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.3-rubygem-puppet-testsuite-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.4-rubygem-puppet-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.4-rubygem-puppet-testsuite-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rubygem-puppet-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rubygem-puppet-emacs-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rubygem-puppet-master-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rubygem-puppet-master-unicorn-3.8.7-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rubygem-puppet-vim-3.8.7-20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.1-rubygem-puppet / ruby2.1-rubygem-puppet-testsuite / etc\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:51:14", "description": "This update for puppet fixes the following issues :\n\n - CVE-2017-2295: Fixed a security vulnerability where an\n attacker could force 
YAML deserialization in an unsafe\n manner, which would lead to remote code execution. By\n default, this update would break backwards\n compatibility with Puppet agents older than 3.2.2 as the\n SLE11 master doesn't support other fact formats than\n pson by default anymore. In order to allow users to\n continue using their SLE11 agents a patch was added that\n enables sending PSON from agents. For non-SUSE clients\n older than 3.2.2 a new puppet master boolean option\n 'dangerous_fact_formats' was added. When it's set to\n true it enables using dangerous fact formats (e.g.\n YAML). When it's set to false, only PSON fact format is\n accepted. (bsc#1040151), (bsc#1077767)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 8.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2018-03-06T00:00:00", "title": "SUSE SLES11 Security Update : puppet (SUSE-SU-2018:0600-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "modified": "2018-03-06T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:puppet-server", "p-cpe:/a:novell:suse_linux:puppet"], "id": "SUSE_SU-2018-0600-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107139", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0600-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107139);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-2295\");\n\n script_name(english:\"SUSE SLES11 
Security Update : puppet (SUSE-SU-2018:0600-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for puppet fixes the following issues :\n\n - CVE-2017-2295: Fixed a security vulnerability where an\n attacker could force YAML deserialization in an unsafe\n manner, which would lead to remote code execution. In\n default, this update would break a backwards\n compatibility with Puppet agents older than 3.2.2 as the\n SLE11 master doesn't support other fact formats than\n pson in default anymore. In order to allow users to\n continue using their SLE11 agents a patch was added that\n enables sending PSON from agents. For non-SUSE clients\n older that 3.2.2 a new puppet master boolean option\n 'dangerous_fact_formats' was added. When it's set to\n true it enables using dangerous fact formats (e.g.\n YAML). When it's set to false, only PSON fact format is\n accepted. (bsc#1040151), (bsc#1077767)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2295/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180600-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?afae4c4b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-puppet-13498=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:puppet-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/05\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"puppet-2.7.26-0.5.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"puppet-server-2.7.26-0.5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T07:22:49", "description": "Dennis Rowe discovered that Puppet incorrectly handled the search\npath. A local attacker could use this issue to possibly execute\narbitrary code. (CVE-2014-3248)\n\nIt was discovered that Puppet incorrectly handled YAML\ndeserialization. A remote attacker could possibly use this issue to\nexecute arbitrary code on the master. This update is incompatible with\nagents older than 3.2.2. (CVE-2017-2295).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.2, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}, "published": "2017-06-06T00:00:00", "title": "Ubuntu 14.04 LTS : puppet vulnerabilities (USN-3308-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295", "CVE-2014-3248"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:puppet-common", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3308-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100632", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3308-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100632);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2014-3248\", \"CVE-2017-2295\");\n script_xref(name:\"USN\", value:\"3308-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : puppet vulnerabilities (USN-3308-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dennis Rowe discovered that Puppet incorrectly handled the search\npath. A local attacker could use this issue to possibly execute\narbitrary code. (CVE-2014-3248)\n\nIt was discovered that Puppet incorrectly handled YAML\ndeserialization. A remote attacker could possibly use this issue to\nexecute arbitrary code on the master. This update is incompatible with\nagents older than 3.2.2. 
(CVE-2017-2295).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3308-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected puppet-common package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"puppet-common\", pkgver:\"3.4.3-1ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"puppet-common\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T05:20:34", "description": "According to its self-reported version number, the Puppet install on\nthe remote host is affected by multiple vulnerabilities :\n\n - A remote command execution vulnerability exists in the MCollective plugin\n due to unsafe YAML deserialization. An unauthenticated, remote attacker \n can exploit this to bypass authentication and execute arbitrary commands. \n (CVE-2017-2292, CVE-2017-2295)\n\n - An arbitrary package install vulnerability exists in the MCollective plugin\n due to unsafe default configuration. 
An unauthenticated, remote attacker \n can exploit this to install or remove packages on all managed agents.\n (CVE-2017-2293)\n\n - An information disclosure vulnerability exists in the MCollective plugin\n due to unsafe storage of server private keys. An unauthenticated, remote attacker \n can exploit this to view sensitive private keys.\n (CVE-2017-2294)\n \n - An authentication bypass vulnerability exists in labeled RBAC access tokens. \n An unauthenticated attacker can exploit this to bypass authentication \n and execute arbitrary actions of users configured to use labeled RBAC\n access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 \n and 2017.2.1. This only affects users with labeled tokens, which is \n not the default for tokens. (CVE-2017-2297)", "edition": 17, "cvss3": {"score": 9.0, "vector": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L"}, "published": "2019-10-09T00:00:00", "title": "Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295", "CVE-2017-2294", "CVE-2017-2292", "CVE-2017-2293", "CVE-2017-2297"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:puppetlabs:puppet"], "id": "PUPPET_ENTERPRISE_2016_4_5.NASL", "href": "https://www.tenable.com/plugins/nessus/129755", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129755);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\n \"CVE-2017-2292\",\n \"CVE-2017-2293\",\n \"CVE-2017-2294\",\n \"CVE-2017-2295\",\n \"CVE-2017-2297\"\n );\n script_bugtraq_id(98582);\n\n script_name(english:\"Puppet Enterprise < 2016.4.5 / 2016.5.x / 2017.1.x Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Puppet Enterprise version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by 
multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Puppet install on\nthe remote host is affected by multiple vulnerabilities :\n\n - A remote command execution vulnerability exists in the MCollective plugin\n due to unsafe YAML deserialization. An unauthenticated, remote attacker \n can exploit this to bypass authentication and execute arbitrary commands. \n (CVE-2017-2292, CVE-2017-2295)\n\n - An arbitrary package install vulnerability exists in the MCollective plugin\n due to unsafe default configuration. An unauthenticated, remote attacker \n can exploit this to install or remove packages on all managed agents.\n (CVE-2017-2293)\n\n - An information disclosure vulnerability exists in the MCollective plugin\n due to unsafe storage of server private keys. An unauthenticated, remote attacker \n can exploit this to view sensitive private keys.\n (CVE-2017-2294)\n \n - An authentication bypass vulnerability exists in labled RBAC access tokens. \n An unauthenticated, attacker can exploit this, to bypass authentication \n and execute arbitrary actions of users configured to use labeled RBAC\n access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 \n and 2017.2.1. This only affects users with labeled tokens, which is \n not the default for tokens. 
(CVE-2017-2297)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2017-2297\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Puppet Enterprise version 2016.4.5 / 2017.2.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2292\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"puppet_enterprise_console_detect.nasl\", \"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\", \"installed_sw/puppet_enterprise_console\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\napp = 'Puppet REST API'; # we get both enterprise and open-source versions from the api...\n\n# Make sure we detected a version \nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\n\n# Make sure the Console service is running\nget_kb_item_or_exit('installed_sw/puppet_enterprise_console');\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE, kb_ver: 'puppet/' + port + '/version');\n\n# version info obtained from https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html\nconstraints = [\n {\"min_version\" : \"4.0.0\", \"fixed_version\" : \"4.10.1\", \"fixed_display\" : \"Puppet Enterprise (2016.4.5 / 2017.2.1)\"}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:11:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "description": "Versions of Puppet prior to 4.10.1 will deserialize data off the wire\n(from the agent to the server, in this case) with a attacker-specified\nformat. 
This could be used to force YAML deserialization in an unsafe\nmanner, which would lead to remote code execution.", "modified": "2020-01-29T00:00:00", "published": "2018-02-05T00:00:00", "id": "OPENVAS:1361412562310891012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891012", "type": "openvas", "title": "Debian LTS: Security Advisory for puppet (DLA-1012-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891012\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-2295\");\n script_name(\"Debian LTS: Security Advisory for puppet (DLA-1012-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-05 00:00:00 +0100 (Mon, 05 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00003.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"puppet on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2.7.23-1~deb7u4, by enabling PSON serialization on clients and refusing\nnon-PSON formats on the server.\n\nWe recommend that you upgrade your puppet packages. 
Make sure you\nupdate all your clients before you update the server otherwise older\nclients won't be able to connect to the server.\");\n\n script_tag(name:\"summary\", value:\"Versions of Puppet prior to 4.10.1 will deserialize data off the wire\n(from the agent to the server, in this case) with a attacker-specified\nformat. This could be used to force YAML deserialization in an unsafe\nmanner, which would lead to remote code execution.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"puppet\", ver:\"2.7.23-1~deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"puppet-common\", ver:\"2.7.23-1~deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"puppet-el\", ver:\"2.7.23-1~deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"2.7.23-1~deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"2.7.23-1~deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"2.7.23-1~deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"2.7.23-1~deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"2.7.23-1~deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "description": "It was discovered that unrestricted YAML deserialisation of data sent\nfrom agents to the server in the Puppet 
configuration management system\ncould result in the execution of arbitrary code.\n\nNote that this fix breaks backward compatibility with Puppet agents older\nthan 3.2.2 and there is no safe way to restore it. This affects puppet\nagents running on Debian wheezy. We recommend to update to the\npuppet version shipped in wheezy-backports.", "modified": "2019-03-18T00:00:00", "published": "2017-05-25T00:00:00", "id": "OPENVAS:1361412562310703862", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703862", "type": "openvas", "title": "Debian Security Advisory DSA 3862-1 (puppet - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3862.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3862-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703862\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-2295\");\n script_name(\"Debian Security Advisory DSA 3862-1 (puppet - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-25 00:00:00 +0200 (Thu, 25 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3862.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"puppet on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), this problem has been fixed in\nversion 3.7.2-4+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.8.2-5.\n\nWe recommend that you upgrade your puppet packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that unrestricted YAML deserialisation of data sent\nfrom agents to the server in the Puppet configuration management system\ncould result in the execution of arbitrary code.\n\nNote that this fix breaks backward 
compatibility with Puppet agents older\nthan 3.2.2 and there is no safe way to restore it. This affects puppet\nagents running on Debian wheezy. We recommend to update to the\npuppet version shipped in wheezy-backports.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"puppet\", ver:\"3.7.2-4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"3.7.2-4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"3.7.2-4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"3.7.2-4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"3.7.2-4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"3.7.2-4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"3.7.2-4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"3.7.2-4+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-08-03T10:57:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "description": "It was discovered that unrestricted YAML deserialisation of data sent\nfrom agents to the server in the Puppet configuration management system\ncould result in the execution of arbitrary code.\n\nNote that this fix breaks backward compability with Puppet agents older\nthan 3.2.2 and there is no safe way to restore it. 
This affects puppet\nagents running on Debian wheezy; we recommend to update to the\npuppet version shipped in wheezy-backports.", "modified": "2017-07-19T00:00:00", "published": "2017-05-25T00:00:00", "id": "OPENVAS:703862", "href": "http://plugins.openvas.org/nasl.php?oid=703862", "type": "openvas", "title": "Debian Security Advisory DSA 3862-1 (puppet - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3862.nasl 6757 2017-07-19 05:57:31Z cfischer $\n# Auto-generated from advisory DSA 3862-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703862);\n script_version(\"$Revision: 6757 $\");\n script_cve_id(\"CVE-2017-2295\");\n script_name(\"Debian Security Advisory DSA 3862-1 (puppet - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-19 07:57:31 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-05-25 00:00:00 +0200 (Thu, 25 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3862.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"puppet on Debian Linux\");\n script_tag(name: \"insight\", value: \"Puppet is a server automation tool. 
It is composed of a declarative\nlanguage for expressing system configuration, a client and server for\ndistributing it, and a library for realizing the configuration.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 3.7.2-4+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.8.2-5.\n\nWe recommend that you upgrade your puppet packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that unrestricted YAML deserialisation of data sent\nfrom agents to the server in the Puppet configuration management system\ncould result in the execution of arbitrary code.\n\nNote that this fix breaks backward compability with Puppet agents older\nthan 3.2.2 and there is no safe way to restore it. This affects puppet\nagents running on Debian wheezy; we recommend to update to the\npuppet version shipped in wheezy-backports.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"puppet\", ver:\"3.7.2-4+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"3.7.2-4+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-el\", ver:\"3.7.2-4+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppet-testsuite\", ver:\"3.7.2-4+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster\", ver:\"3.7.2-4+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster-common\", ver:\"3.7.2-4+deb8u1\", 
rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"puppetmaster-passenger\", ver:\"3.7.2-4+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-puppet\", ver:\"3.7.2-4+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:27:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-07-25T00:00:00", "id": "OPENVAS:1361412562310851584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851584", "type": "openvas", "title": "openSUSE: Security Advisory for rubygem-puppet (openSUSE-SU-2017:1948-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851584\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-25 07:25:13 +0200 (Tue, 25 Jul 2017)\");\n script_cve_id(\"CVE-2017-2295\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for rubygem-puppet (openSUSE-SU-2017:1948-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-puppet'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rubygem-puppet fixes the following issues:\n\n - CVE-2017-2295: A remote attacker could have forced unsafe YAML\n deserialization which could have led to code execution (bsc#1040151)\");\n\n script_tag(name:\"affected\", value:\"rubygem-puppet on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1948-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", 
re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-rubygem-puppet\", rpm:\"ruby2.1-rubygem-puppet~3.8.7~17.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-rubygem-puppet-doc\", rpm:\"ruby2.1-rubygem-puppet-doc~3.8.7~17.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-rubygem-puppet-testsuite\", rpm:\"ruby2.1-rubygem-puppet-testsuite~3.8.7~17.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-puppet\", rpm:\"rubygem-puppet~3.8.7~17.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-puppet-master\", rpm:\"rubygem-puppet-master~3.8.7~17.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-puppet-emacs\", rpm:\"rubygem-puppet-emacs~3.8.7~17.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-puppet-master-unicorn\", rpm:\"rubygem-puppet-master-unicorn~3.8.7~17.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-puppet-vim\", rpm:\"rubygem-puppet-vim~3.8.7~17.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-06-02T00:00:00", "id": 
"OPENVAS:1361412562310872728", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872728", "type": "openvas", "title": "Fedora Update for puppet FEDORA-2017-8ad8d1bd86", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for puppet FEDORA-2017-8ad8d1bd86\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872728\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-02 07:02:59 +0200 (Fri, 02 Jun 2017)\");\n script_cve_id(\"CVE-2017-2295\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for puppet FEDORA-2017-8ad8d1bd86\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"puppet on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8ad8d1bd86\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MHVQ25R6UFHFJ7NXHYLNBG3BQ7M57THN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"puppet\", rpm:\"puppet~4.2.1~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295", "CVE-2014-3248"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-06-06T00:00:00", "id": "OPENVAS:1361412562310843194", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843194", "type": "openvas", "title": "Ubuntu Update for puppet USN-3308-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for puppet USN-3308-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843194\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-06 06:27:24 +0200 (Tue, 06 Jun 2017)\");\n script_cve_id(\"CVE-2014-3248\", \"CVE-2017-2295\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for puppet USN-3308-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'puppet'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Dennis Rowe discovered that Puppet\n incorrectly handled the search path. A local attacker could use this issue to\n possibly execute arbitrary code. (CVE-2014-3248) It was discovered that Puppet\n incorrectly handled YAML deserialization. 
A remote attacker could possibly use\n this issue to execute arbitrary code on the master. This update is incompatible\n with agents older than 3.2.2. (CVE-2017-2295)\");\n script_tag(name:\"affected\", value:\"puppet on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3308-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3308-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"puppet-common\", ver:\"3.4.3-1ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2295", "CVE-2017-2294", "CVE-2017-2292", "CVE-2017-2293", "CVE-2017-2297"], "description": "Puppet Enterprise is prone to multiple vulnerabilities.", "modified": "2018-10-26T00:00:00", "published": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310106929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106929", "type": "openvas", "title": "Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_puppet_enterprise_mult_vuln.nasl 12106 
2018-10-26 06:33:36Z cfischer $\n#\n# Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:puppet:enterprise\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106929\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-06 15:23:17 +0700 (Thu, 06 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-2292\", \"CVE-2017-2293\", \"CVE-2017-2294\", \"CVE-2017-2295\", \"CVE-2017-2297\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Puppet Enterprise < 2016.4.5 / < 2017.2.1 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n 
script_family(\"General\");\n script_dependencies(\"gb_puppet_enterprise_detect.nasl\");\n script_mandatory_keys(\"puppet_enterprise/installed\");\n\n script_tag(name:\"summary\", value:\"Puppet Enterprise is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Puppet Enterprise is prone to multiple vulnerabilities:\n\n - MCollective Remote Code Execution Via YAML Deserialization (CVE-2017-2292)\n\n - MCollective Server Allows Installing Arbitrary Packages On Agents (CVE-2017-2293)\n\n - MCollective Private Keys Visible In PuppetDB (CVE-2017-2294)\n\n - Puppet Server Remote Code Execution Via YAML Deserialization (CVE-2017-2295)\n\n - Incorrect Credential Management with RBAC Tokens (CVE-2017-2297)\");\n\n script_tag(name:\"affected\", value:\"Puppet Enterprise prior to 2016.4.5, 2016.5.x, 2017.1.x.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2016.4.5, 2017.2.1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2292\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2293\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2294\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2295\");\n script_xref(name:\"URL\", value:\"https://puppet.com/security/cve/cve-2017-2297\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"2016.4.5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2016.4.5\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version:\"2016.5.0\", test_version2: \"2017.2.0\")) {\n 
report = report_fixed_ver(installed_version: version, fixed_version: \"2017.2.1\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:56:49", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2295"], "description": "Package : puppet\nVersion : 2.7.23-1~deb7u4\nCVE ID : CVE-2017-2295\nDebian Bug : 863212\n\nVersions of Puppet prior to 4.10.1 will deserialize data off the wire\n(from the agent to the server, in this case) with an attacker-specified\nformat. This could be used to force YAML deserialization in an unsafe\nmanner, which would lead to remote code execution.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n2.7.23-1~deb7u4, by enabling PSON serialization on clients and refusing\nnon-PSON formats on the server.\n\nWe recommend that you upgrade your puppet packages. Make sure you\nupdate all your clients before you update the server otherwise older\nclients won't be able to connect to the server.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 11, "modified": "2017-07-03T15:30:05", "published": "2017-07-03T15:30:05", "id": "DEBIAN:DLA-1012-1:62EF6", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201707/msg00003.html", "title": "[SECURITY] [DLA 1012-1] puppet security update", "type": "debian", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:02:33", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2295"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3862-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 25, 2017 https://www.debian.org/security/faq\n- 
-------------------------------------------------------------------------\n\nPackage : puppet\nCVE ID : CVE-2017-2295\n\nIt was discovered that unrestricted YAML deserialisation of data sent\nfrom agents to the server in the Puppet configuration management system\ncould result in the execution of arbitrary code.\n\nNote that this fix breaks backward compatibility with Puppet agents older\nthan 3.2.2 and there is no safe way to restore it. This affects puppet\nagents running on Debian wheezy; we recommend to update to the\npuppet version shipped in wheezy-backports.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.7.2-4+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.8.2-5.\n\nWe recommend that you upgrade your puppet packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2017-05-25T21:32:03", "published": "2017-05-25T21:32:03", "id": "DEBIAN:DSA-3862-1:BC5FB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00122.html", "title": "[SECURITY] [DSA 3862-1] puppet security update", "type": "debian", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-08-09T17:07:07", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2295"], "description": "This update for puppet fixes the following issues:\n\n Security issue fixed:\n - CVE-2017-2295: Possible code execution vulnerability where an attacker\n could force YAML deserialization in an unsafe manner. By default, this\n update breaks backwards compatibility with Puppet agents older than\n 3.2.2 as the SLE12 master doesn't support other fact formats than pson\n by default anymore. 
In order to allow users to continue using their\n SLE12 master/SLE11 agents setup and fix CVE-2017-2295 for the others, a\n new puppet master boolean option \"dangerous_fact_formats\" was added.\n When it's set to true it enables using dangerous fact formats (e.g.\n YAML). When it's set to false, only PSON fact format is accepted.\n (bsc#1040151)\n\n", "edition": 1, "modified": "2017-08-09T15:32:08", "published": "2017-08-09T15:32:08", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00034.html", "id": "SUSE-SU-2017:2113-1", "title": "Security update for puppet (important)", "type": "suse", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2020-11-10T12:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2295"], "description": "**Issue Overview:**\n\nUnsafe YAML deserialization: \nVersions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. ([CVE-2017-2295](https://access.redhat.com/security/cve/CVE-2017-2295))\n\n \n**Affected Packages:** \n\n\npuppet3\n\n \n**Issue Correction:** \nRun _yum update puppet3_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n puppet3-3.7.4-1.13.amzn1.noarch \n puppet3-server-3.7.4-1.13.amzn1.noarch \n \n src: \n puppet3-3.7.4-1.13.amzn1.src \n \n \n", "edition": 4, "modified": "2017-06-22T19:23:00", "published": "2017-06-22T19:23:00", "id": "ALAS-2017-849", "href": "https://alas.aws.amazon.com/ALAS-2017-849.html", "title": "Important: puppet3", "type": "amazon", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:29", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2295", "CVE-2014-3248"], "description": "Dennis Rowe discovered that Puppet incorrectly handled the search path. A \nlocal attacker could use this issue to possibly execute arbitrary code. \n(CVE-2014-3248)\n\nIt was discovered that Puppet incorrectly handled YAML deserialization. A \nremote attacker could possibly use this issue to execute arbitrary code on \nthe master. This update is incompatible with agents older than 3.2.2. \n(CVE-2017-2295)", "edition": 5, "modified": "2017-06-05T00:00:00", "published": "2017-06-05T00:00:00", "id": "USN-3308-1", "href": "https://ubuntu.com/security/notices/USN-3308-1", "title": "Puppet vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-08-11T14:04:47", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6459", "CVE-2014-8183", "CVE-2016-1669", "CVE-2016-3693", "CVE-2016-3696", "CVE-2016-3704", "CVE-2016-4451", "CVE-2016-4995", "CVE-2016-4996", "CVE-2016-6319", "CVE-2016-7077", "CVE-2016-7078", "CVE-2016-8613", "CVE-2016-8634", "CVE-2016-8639", "CVE-2016-9593", "CVE-2016-9595", "CVE-2017-15699", "CVE-2017-2295", "CVE-2017-2667", "CVE-2017-2672", "CVE-2018-14623"], "description": "Red Hat Satellite is a systems management tool for Linux-based infrastructure. 
It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.\n\nThis update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.\n\nAll users who require Satellite version 6.3 are advised to install these new packages.\n\nSecurity Fix(es):\n\n* V8: integer overflow leading to buffer overflow in Zone::New (CVE-2016-1669)\n\n* rubygem-will_paginate: XSS vulnerabilities (CVE-2013-6459)\n\n* foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization (CVE-2014-8183)\n\n* foreman: inspect in a provisioning template exposes sensitive controller information (CVE-2016-3693)\n\n* pulp: Unsafe use of bash $RANDOM for NSS DB password and seed (CVE-2016-3704)\n\n* foreman: privilege escalation through Organization and Locations API (CVE-2016-4451)\n\n* foreman: inside discovery-debug, the root password is displayed in plaintext (CVE-2016-4996)\n\n* foreman: Persistent XSS in Foreman remote execution plugin (CVE-2016-6319)\n\n* foreman: Stored XSS via organization/location with HTML in name (CVE-2016-8639)\n\n* katello-debug: Possible symlink attacks due to use of predictable file names (CVE-2016-9595)\n\n* rubygem-hammer_cli: no verification of API server's SSL certificate (CVE-2017-2667)\n\n* foreman: Image password leak (CVE-2017-2672)\n\n* pulp: Leakage of CA key in pulp-qpid-ssl-cfg (CVE-2016-3696)\n\n* foreman: Information disclosure in provisioning template previews (CVE-2016-4995)\n\n* foreman-debug: missing obfuscation of sensitive information 
(CVE-2016-9593)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Randy Barlow (RedHat) for reporting CVE-2016-3704 and Sander Bos for reporting CVE-2016-3696. The CVE-2014-8183 issue was discovered by Eric Helms (Red Hat); the CVE-2016-3693 and CVE-2016-4995 issues were discovered by Dominic Cleal (Red Hat); the CVE-2016-4451 and CVE-2016-6319 issues were discovered by Marek Hul\u00e1n (Red Hat); the CVE-2016-4996 issue was discovered by Thom Carlin (Red Hat); the CVE-2016-8639 issue was discovered by Sanket Jagtap (Red Hat); the CVE-2016-9595 issue was discovered by Evgeni Golov (Red Hat); the CVE-2017-2667 issue was discovered by Tomas Strachota (Red Hat); and the CVE-2016-9593 issue was discovered by Pavel Moravec (Red Hat).", "modified": "2020-08-11T18:02:17", "published": "2018-02-21T17:15:22", "id": "RHSA-2018:0336", "href": "https://access.redhat.com/errata/RHSA-2018:0336", "type": "redhat", "title": "(RHSA-2018:0336) Important: Satellite 6.3 security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}