Vulnerabilities > CVE-2012-1988 - OS Command Injection vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
- Command Delimiters An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or a blacklist input validation, as opposed to whitelist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
- Exploiting Multiple Input Interpretation Layers An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
- Argument Injection An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
- OS Command Injection In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-6674.NASL description With Fedora 17 using ruby-1.9.3, an update to puppet-2.7, which has improved support for ruby-1.9, is required. Note that ruby-1.9 is not fully supported in the puppet-2.7 series. Where possible, patches from the next upstream release branch will be backported to improve ruby-1.9 compatibility. Also note that there will likely be issues when connecting to a puppet-2.6 master. This is unavoidable for the moment. Normally all Fedora and EPEL branches are kept in sync to avoid this problem. At this time, a decision to move all branches to 2.7 has not been made. This update obsoletes puppet-2.6.16, which fixed several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-05-07 plugin id 59000 published 2012-05-07 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59000 title Fedora 17 : puppet-2.7.13-1.fc17 (2012-6674) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-6674. # include("compat.inc"); if (description) { script_id(59000); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988"); script_bugtraq_id(52975); script_xref(name:"FEDORA", value:"2012-6674"); script_name(english:"Fedora 17 : puppet-2.7.13-1.fc17 (2012-6674)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "With Fedora 17 using ruby-1.9.3, an update to puppet-2.7, which has improved support for ruby-1.9, is required. Note that ruby-1.9 is not fully supported in the puppet-2.7 series. Where possible, patches from the next upstream release branch will be backported to improve ruby-1.9 compatibility. Also note that there will likely be issues when connecting to a puppet-2.6 master. This is unavoidable for the moment. Normally all Fedora and EPEL branches are kept in sync to avoid this problem. At this time, a decision to move all branches to 2.7 has not been made. This update obsoletes puppet-2.6.16, which fixed several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 script_set_attribute( attribute:"see_also", value:"https://puppet.com/docs/puppet/6.0/release_notes_puppet.html#2.7.13" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=810069" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=810070" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=810071" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?28868bfb" ); script_set_attribute( attribute:"solution", value:"Update the affected puppet package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:puppet"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"puppet-2.7.13-1.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "puppet"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_607D2108A0E4423ABF78846F2A8F01B0.NASL description Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information. last seen 2020-06-01 modified 2020-06-02 plugin id 58670 published 2012-04-11 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58670 title FreeBSD : puppet -- Multiple Vulnerabilities (607d2108-a0e4-423a-bf78-846f2a8f01b0) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(58670); script_version("1.9"); script_cvs_date("Date: 2018/12/19 13:21:18"); script_cve_id("CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"); script_name(english:"FreeBSD : puppet -- Multiple Vulnerabilities (607d2108-a0e4-423a-bf78-846f2a8f01b0)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information." ); # http://puppetlabs.com/security/cve/cve-2012-1906/ script_set_attribute( attribute:"see_also", value:"https://puppet.com/security/cve/cve-2012-1906" ); # http://puppetlabs.com/security/cve/cve-2012-1986/ script_set_attribute( attribute:"see_also", value:"https://puppet.com/security/cve/cve-2012-1986" ); # http://puppetlabs.com/security/cve/cve-2012-1987/ script_set_attribute( attribute:"see_also", value:"https://puppet.com/security/cve/cve-2012-1987" ); # http://puppetlabs.com/security/cve/cve-2012-1988/ script_set_attribute( attribute:"see_also", value:"https://puppet.com/security/cve/cve-2012-1988" ); # http://puppetlabs.com/security/cve/cve-2012-1989/ script_set_attribute( attribute:"see_also", value:"https://puppet.com/security/cve/cve-2012-1989" ); # https://vuxml.freebsd.org/freebsd/607d2108-a0e4-423a-bf78-846f2a8f01b0.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?77b95470" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:puppet"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/26"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"puppet>2.7.*<2.7.12_1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201208-02.NASL description The remote host is affected by the vulnerability described in GLSA-201208-02 (Puppet: Multiple vulnerabilities) Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files (CVE-2012-1906). REST requests for a file in a remote filebucket are not handled properly by overriding filebucket storage locations (CVE-2012-1986). REST requests for a file in a remote filebucket are not handled properly by reading streams or writing files on the Puppet master last seen 2020-06-01 modified 2020-06-02 plugin id 61541 published 2012-08-15 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61541 title GLSA-201208-02 : Puppet: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201208-02. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(61541); script_version("1.7"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2012-1906", "CVE-2012-1986", "CVE-2012-1987", "CVE-2012-1988", "CVE-2012-1989"); script_bugtraq_id(52975); script_xref(name:"GLSA", value:"201208-02"); script_name(english:"GLSA-201208-02 : Puppet: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201208-02 (Puppet: Multiple vulnerabilities) Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files (CVE-2012-1906). REST requests for a file in a remote filebucket are not handled properly by overriding filebucket storage locations (CVE-2012-1986). REST requests for a file in a remote filebucket are not handled properly by reading streams or writing files on the Puppet master's file system (CVE-2012-1987). File name paths are not properly sanitized from bucket requests (CVE-2012-1988). The Telnet utility in Puppet does not handle temporary files securely (CVE-2012-1989). Impact : A local attacker with access to agent SSL keys could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or perform symlink attacks to overwrite or read arbitrary files on the Puppet master. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201208-02" ); script_set_attribute( attribute:"solution", value: "All Puppet users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-admin/puppet-2.7.13'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:puppet"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-admin/puppet", unaffected:make_list("ge 2.7.13"), vulnerable:make_list("lt 2.7.13"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Puppet"); }NASL family Fedora Local Security Checks NASL id FEDORA_2012-6055.NASL description This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-30 plugin id 58911 published 2012-04-30 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58911 title Fedora 15 : puppet-2.6.16-1.fc15 (2012-6055) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1419-1.NASL description It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. (CVE-2012-1906) It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. (CVE-2012-1986) It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. (CVE-2012-1987) It was discovered that Puppet incorrectly handled filebucket requests. A local attacker could exploit this to execute arbitrary code via a crafted file path. (CVE-2012-1988) It was discovered that Puppet used a predictable filename for the Telnet connection log file. A local attacker could exploit this to overwrite arbitrary files. This issue only affected Ubuntu 11.10. (CVE-2012-1989). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 58680 published 2012-04-11 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58680 title Ubuntu 10.04 LTS / 11.04 / 11.10 : puppet vulnerabilities (USN-1419-1) NASL family Fedora Local Security Checks NASL id FEDORA_2012-5999.NASL description This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-30 plugin id 58909 published 2012-04-30 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58909 title Fedora 16 : puppet-2.6.16-1.fc16 (2012-5999) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-269.NASL description puppet was prone to several security issues last seen 2020-06-05 modified 2014-06-13 plugin id 74620 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74620 title openSUSE Security Update : puppet (openSUSE-SU-2012:0608-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2451.NASL description Several vulnerabilities have been discovered in Puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-1906 Puppet is using predictable temporary file names when downloading Mac OS X package files. This allows a local attacker to either overwrite arbitrary files on the system or to install an arbitrary package. - CVE-2012-1986 When handling requests for a file from a remote filebucket, Puppet can be tricked into overwriting its defined location for filebucket storage. This allows an authorized attacker with access to the Puppet master to read arbitrary files. - CVE-2012-1987 Puppet is incorrectly handling filebucket store requests. This allows an attacker to perform denial of service attacks against Puppet by resource exhaustion. - CVE-2012-1988 Puppet is incorrectly handling filebucket requests. This allows an attacker with access to the certificate on the agent and an unprivileged account on Puppet master to execute arbitrary code via crafted file path names and making a filebucket request. last seen 2020-03-17 modified 2012-04-16 plugin id 58753 published 2012-04-16 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58753 title Debian DSA-2451-1 : puppet - several vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-369.NASL description - Fixed bnc#747657: CVE-2012-1053, CVE-2012-1054: improper privilege dropping and file handling flaws This was done by updating to the new version in stable branch. The stable branch receives only security fixes and this update does not provide any new features. - Fixed bnc#755869 CVE-2012-1988: Filebucket arbitrary code execution - Fixed bnc#755872 CVE-2012-1986: Arbitrary File Read - Fixed bnc#755870 CVE-2012-1987: Denial of Service - Fixed bnc#755871 CVE-2012-1989: Arbitrary File Write last seen 2020-06-05 modified 2014-06-13 plugin id 74671 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74671 title openSUSE Security Update : puppet (openSUSE-SU-2012:0835-1) NASL family SuSE Local Security Checks NASL id SUSE_11_PUPPET-120411.NASL description This update fixes the following issues : - Filebucket arbitrary file read. (CVE-2011-1986) - Filebucket DoS. (CVE-2012-1987) - Filebucket arbitrary code execution. (CVE-2012-1988) - insecure handling of temporary files. (CVE-2012-1989) last seen 2020-06-05 modified 2013-01-25 plugin id 64217 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64217 title SuSE 11.1 Security Update : puppet (SAT Patch Number 6115)
Redhat
| rpms |
|
References
- http://www.securityfocus.com/bid/52975
- http://www.debian.org/security/2012/dsa-2451
- http://secunia.com/advisories/48789
- http://secunia.com/advisories/48748
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
- http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
- http://projects.puppetlabs.com/issues/13518
- http://secunia.com/advisories/48743
- http://secunia.com/advisories/49136
- http://www.osvdb.org/81309
- https://hermes.opensuse.org/messages/14523305
- http://ubuntu.com/usn/usn-1419-1
- https://hermes.opensuse.org/messages/15087408
- http://puppetlabs.com/security/cve/cve-2012-1988/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74796