Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
Puppet is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server.Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which may aid in further attacks.Puppet 0.24.0 through 2.7.5 are vulnerable.
Updates are available. Please see the references for more information.
An attacker can exploit this issue through man-in-the-middle attacks.
|2011-10-27||CVE-2011-3869||Link Following vulnerability in Puppetlabs Puppet||Medium|
|2011-10-27||CVE-2011-3848||Path Traversal vulnerability in Puppetlabs Puppet||Medium|
|2011-10-27||CVE-2011-3871||Permissions, Privileges, and Access Control vulnerability in Puppetlabs Puppet||Medium|
|2011-10-27||CVE-2011-3870||Link Following vulnerability in Puppetlabs Puppet||Medium|