Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-1988 | First vendor Publication | 2012-05-29 |
| Vendor | Cve | Last vendor Modification | 2024-02-02 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18629 | |||
| Oval ID: | oval:org.mitre.oval:def:18629 | ||
| Title: | DSA-2451-1 puppet - several | ||
| Description: | Several vulnerabilities have been discovered in Puppet, a centralized configuration management system. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2451-1 CVE-2012-1906 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | puppet |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-08-30 | Name : Fedora Update for puppet FEDORA-2012-6674 File : nvt/gb_fedora_2012_6674_puppet_fc17.nasl |
| 2012-08-30 | Name : Gentoo Security Advisory GLSA 201208-02 (Puppet) File : nvt/glsa_201208_02.nasl |
| 2012-07-30 | Name : Fedora Update for puppet FEDORA-2012-10897 File : nvt/gb_fedora_2012_10897_puppet_fc16.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2451-1 (puppet) File : nvt/deb_2451_1.nasl |
| 2012-04-30 | Name : FreeBSD Ports: puppet File : nvt/freebsd_puppet.nasl |
| 2012-04-30 | Name : Fedora Update for puppet FEDORA-2012-5999 File : nvt/gb_fedora_2012_5999_puppet_fc16.nasl |
| 2012-04-30 | Name : Fedora Update for puppet FEDORA-2012-6055 File : nvt/gb_fedora_2012_6055_puppet_fc15.nasl |
| 2012-04-13 | Name : Ubuntu Update for puppet USN-1419-1 File : nvt/gb_ubuntu_USN_1419_1.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-269.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-369.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_puppet-120411.nasl - Type : ACT_GATHER_INFO |
| 2012-08-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201208-02.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6674.nasl - Type : ACT_GATHER_INFO |
| 2012-04-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5999.nasl - Type : ACT_GATHER_INFO |
| 2012-04-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6055.nasl - Type : ACT_GATHER_INFO |
| 2012-04-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2451.nasl - Type : ACT_GATHER_INFO |
| 2012-04-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_607d2108a0e4423abf78846f2a8f01b0.nasl - Type : ACT_GATHER_INFO |
| 2012-04-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1419-1.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 21:28:23 |
|
| 2024-02-02 01:19:04 |
|
| 2024-02-01 12:05:38 |
|
| 2023-09-05 12:17:59 |
|
| 2023-09-05 01:05:31 |
|
| 2023-09-02 12:18:00 |
|
| 2023-09-02 01:05:36 |
|
| 2023-08-12 12:21:46 |
|
| 2023-08-12 01:05:38 |
|
| 2023-08-11 12:18:07 |
|
| 2023-08-11 01:05:47 |
|
| 2023-08-06 12:17:25 |
|
| 2023-08-06 01:05:38 |
|
| 2023-08-04 12:17:29 |
|
| 2023-08-04 01:05:41 |
|
| 2023-07-14 12:17:28 |
|
| 2023-07-14 01:05:35 |
|
| 2023-03-29 01:19:25 |
|
| 2023-03-28 12:05:43 |
|
| 2022-10-11 12:15:36 |
|
| 2022-10-11 01:05:19 |
|
| 2021-05-04 12:19:42 |
|
| 2021-04-22 01:23:24 |
|
| 2020-05-23 00:33:27 |
|
| 2019-07-11 21:19:18 |
|
| 2019-07-11 12:04:36 |
|
| 2019-07-10 21:19:24 |
|
| 2017-08-29 09:23:47 |
|
| 2016-06-28 19:06:48 |
|
| 2016-04-26 21:45:00 |
|
| 2015-11-20 21:25:00 |
|
| 2014-12-03 09:26:32 |
|
| 2014-10-12 13:26:49 |
|
| 2014-06-14 13:32:49 |
|
| 2014-02-17 11:09:40 |
|
| 2013-05-10 22:38:00 |
|
