Lucene search
Ubuntu.comUB:CVE-2012-3408HistoryAug 06, 2012 - 12:00 a.m.
CVE-2012-3408
2012-08-0600:00:00
ubuntu.com
ubuntu.com
12
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.1%
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet
Enterprise before 2.5.2, supports use of IP addresses in certnames without
warning of potential risks, which might allow remote attackers to spoof an
agent by acquiring a previously used IP address.
Notes
| Author | Note |
|---|---|
| mdeslaur | This would break existing installations. This will be fixed in upstream 3.0. For 2.7, USN-1506-1 added a deprecation warning. Since this change would break existing installations, we will not fix this in Ubuntu. |
Related
osv
osv
cve
cve
CVE-2012-3408
2012-08-06 16:55:00
prion
prion
Code injection
2012-08-06 16:55:00
debiancve
debiancve
CVE-2012-3408
2012-08-06 16:55:00
github
github
openvas
openvas
Fedora Update for puppet FEDORA-2012-10891
2012-08-30 00:00:00
Fedora Update for puppet FEDORA-2012-10891
2012-08-30 00:00:00
nessus
nessus
Fedora 17 : puppet-2.7.18-1.fc17 (2012-10891)
2012-07-30 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: puppet-2.7.18-1.fc17
2012-07-28 01:20:31
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.1%
Related for UB:CVE-2012-3408