CVE-2012-3867

2012-07-1200:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x
before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly
restrict the characters in the Common Name field of a Certificate Signing
Request (CSR), which makes it easier for user-assisted remote attackers to
trick administrators into signing a crafted agent certificate via ANSI
control sequences.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchpuppet< 0.25.4-2ubuntu6.8UNKNOWN
ubuntu11.04noarchpuppet< 2.6.4-2ubuntu2.10UNKNOWN
ubuntu11.10noarchpuppet< 2.7.1-1ubuntu3.7UNKNOWN
ubuntu12.04noarchpuppet< 2.7.11-1ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	puppet	< 0.25.4-2ubuntu6.8	UNKNOWN
ubuntu	11.04	noarch	puppet	< 2.6.4-2ubuntu2.10	UNKNOWN
ubuntu	11.10	noarch	puppet	< 2.7.1-1ubuntu3.7	UNKNOWN
ubuntu	12.04	noarch	puppet	< 2.7.11-1ubuntu2.1	UNKNOWN