CVE-2011-3872 - Input Validation vulnerability in Puppetlabs Puppet and Puppet Enterprise Users

Publication

2011-10-27

Last modification

2017-12-09

Summary

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

Description

Puppet is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which may aid in further attacks. Puppet 0.24.0 through 2.7.5 are vulnerable.

Solution

Updates are available. Please see the references for more information.

Exploit

An attacker can exploit this issue through man-in-the-middle attacks.

Classification

CWE-20 - Input Validation

Risk level (CVSS AV:N/AC:H/Au:N/C:N/I:P/A:N)

Low (2.6)

Access Vector

Network

Access Complexity

High

Authentication

None

Confidentiality Impact

None

Integrity Impact

Partial

Affected Products