Lucene search
UbuntuUSN-1217-1HistorySep 29, 2011 - 12:00 a.m.
Puppet vulnerability
2011-09-2900:00:00
ubuntu.com
31
6.2 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
77.7%
Releases
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04
Packages
- puppet - centralised configuration management for networks
Details
Kristian Erik Hermansen discovered a directory traversal vulnerability in
the SSLFile indirection base class. A remote attacker could exploit this to
overwrite files with the privileges of the Puppet Master.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.04 | noarch | puppet-common | < 2.6.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | puppet | < 2.6.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | puppet-el | < 2.6.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | puppet-testsuite | < 2.6.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | puppetmaster | < 2.6.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | puppetmaster-common | < 2.6.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | puppetmaster-passenger | < 2.6.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | vim-puppet | < 2.6.4-2ubuntu2.2 | UNKNOWN |
| Ubuntu | 10.10 | noarch | puppet-common | < 2.6.1-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 10.10 | noarch | puppet | < 2.6.1-0ubuntu2.1 | UNKNOWN |
References
Related
nessus
nessus
openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerability (USN-1217-1)
2011-09-29 00:00:00
openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)
2014-06-13 00:00:00
openvas
openvas
Ubuntu Update for puppet USN-1217-1
2011-09-30 00:00:00
Ubuntu Update for puppet USN-1217-1
2011-09-30 00:00:00
Fedora Update for puppet FEDORA-2011-13636
2011-10-18 00:00:00
cve
cve
CVE-2011-3848
2011-10-27 20:55:00
ubuntucve
ubuntucve
CVE-2011-3848
2011-09-28 00:00:00
prion
prion
Directory traversal
2011-10-27 20:55:00
debian
debian
[BSA-050] Security Update for puppet
2011-09-30 15:12:16
[BSA-051] Security update for puppet
2011-10-03 14:58:37
[SECURITY] [DSA 2314-1] puppet security update
2011-10-03 17:13:49
debiancve
debiancve
CVE-2011-3848
2011-10-27 20:55:00
fedora
fedora
[SECURITY] Fedora 14 Update: puppet-2.6.6-3.fc14
2011-10-15 20:28:07
[SECURITY] Fedora 15 Update: puppet-2.6.6-3.fc15
2011-10-15 20:25:52
[SECURITY] Fedora 15 Update: puppet-2.6.12-1.fc15
2011-11-19 06:01:24
osv
osv
puppet - several
2011-10-03 00:00:00
gentoo
gentoo
Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
6.2 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
77.7%
Related for USN-1217-1