Vulnerabilities > CVE-2013-1653 - Arbitrary Code Execution vulnerability in Puppet
Attack vector
NETWORK Attack complexity
HIGH Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. per http://www.ubuntu.com/usn/usn-1759-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-3935.NASL description Security release from upstream. https://groups.google.com/group/puppet-announce/browse_thread/thread/7 ff8326dc79257a1 update to 3.1.0 with proper handling of Systemd. Here is where you give an explanation of your update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-08-02 plugin id 69189 published 2013-08-02 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69189 title Fedora 18 : puppet-3.1.1-1.fc18 (2013-3935) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2643.NASL description Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. - CVE-2013-1640 An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the last seen 2020-03-17 modified 2013-03-13 plugin id 65228 published 2013-03-13 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65228 title Debian DSA-2643-1 : puppet - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1759-1.NASL description It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. (CVE-2013-1653) It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could use this issue to possibly execute arbitrary code on the master. (CVE-2013-1640) It was discovered that Puppet incorrectly handled certain client requests. An attacker on an authenticated client could use this issue to possibly perform unauthorized actions. (CVE-2013-1652) It was discovered that Puppet incorrectly handled certain SSL connections. An attacker could use this issue to possibly downgrade connections to SSLv2. (CVE-2013-1654) It was discovered that Puppet incorrectly handled serialized attributes. An attacker on an authenticated client could use this issue to possibly cause a denial of service, or execute arbitrary. (CVE-2013-1655) It was discovered that Puppet incorrectly handled submitted reports. An attacker on an authenticated node could use this issue to possibly submit a report for any other node. (CVE-2013-2275). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 65251 published 2013-03-13 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65251 title Ubuntu 11.10 / 12.04 LTS / 12.10 : puppet vulnerabilities (USN-1759-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-4187.NASL description Updates for the security announcements from Puppet Labs on 12-Mar-2013. https://groups.google.com/group/puppet-announce/t/9200f268f8479e2c This update also provides backported fixes for a number of issues with ruby-1.9. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-01 plugin id 65749 published 2013-04-01 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65749 title Fedora 17 : puppet-2.7.21-2.fc17 (2013-4187) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CDA566A02DF04EB0B70EED7A6FB0AB3C.NASL description Moses Mendoza reports : A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the last seen 2020-06-01 modified 2020-06-02 plugin id 65542 published 2013-03-14 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65542 title FreeBSD : puppet27 and puppet -- multiple vulnerabilities (cda566a0-2df0-4eb0-b70e-ed7a6fb0ab3c) NASL family SuSE Local Security Checks NASL id SUSE_11_PUPPET-130320.NASL description puppet has been updated to fix 2.6.18 multiple vulnerabilities and bugs. - (#19391) Find the catalog for the specified node name - Don last seen 2020-06-05 modified 2013-04-04 plugin id 65796 published 2013-04-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65796 title SuSE 11.2 Security Update : puppet (SAT Patch Number 7526) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-295.NASL description Various security issues were fixed in puppet. CVE-2013-1655 CVE-2013-2275 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 last seen 2020-06-05 modified 2014-06-13 plugin id 74952 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74952 title openSUSE Security Update : puppet (openSUSE-2013-295) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201308-04.NASL description The remote host is affected by the vulnerability described in GLSA-201308-04 (Puppet: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 69464 published 2013-08-25 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69464 title GLSA-201308-04 : Puppet: Multiple vulnerabilities
References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- http://secunia.com/advisories/52596
- http://ubuntu.com/usn/usn-1759-1
- http://www.debian.org/security/2013/dsa-2643
- http://www.securityfocus.com/bid/58446
- https://puppetlabs.com/security/cve/cve-2013-1653/