UbuntuUSN-1238-1Puppet vulnerability
6 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
73.8%
Releases
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04
Packages
- puppet - Centralized configuration management
Details
It was discovered that Puppet incorrectly handled the non-default
βcertdnsnamesβ option when generating certificates. If this setting was
added to puppet.conf, the puppet primary serverβs DNS alt names were added
to the X.509 Subject Alternative Name field of all certificates, not just
the puppet primary serverβs certificate. An attacker that has an incorrect
agent certificate in his possession can use it to impersonate the puppet
primary server in a machine-in-the-middle attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.10 | noarch | puppet-common | <Β 2.7.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | puppet | <Β 2.7.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | puppet-el | <Β 2.7.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | puppet-testsuite | <Β 2.7.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | puppetmaster | <Β 2.7.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | puppetmaster-common | <Β 2.7.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | puppetmaster-passenger | <Β 2.7.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | vim-puppet | <Β 2.7.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | puppet-common | <Β 2.6.4-2ubuntu2.5 | UNKNOWN |
| Ubuntu | 11.04 | noarch | puppet | <Β 2.6.4-2ubuntu2.5 | UNKNOWN |
References
Related
6 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
73.8%