Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Puppet: Multiple vulnerabilities
Informations
Name GLSA-201203-03 First vendor Publication 2012-03-06
Vendor Gentoo Last vendor Modification 2012-03-06
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges.

Background

Puppet is a system configuration management tool written in Ruby.

Description

Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could gain elevated privileges, or access and modify arbitrary files. Furthermore, a remote attacker may be able to spoof a Puppet Master or write X.509 Certificate Signing Requests to arbitrary locations.

Workaround

There is no known workaround at this time.

Resolution

All Puppet users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/puppet-2.7.11"

References

[ 1 ] CVE-2009-3564 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3564
[ 2 ] CVE-2010-0156 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0156
[ 3 ] CVE-2011-3848 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3848
[ 4 ] CVE-2011-3869 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3869
[ 5 ] CVE-2011-3870 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3870
[ 6 ] CVE-2011-3871 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3871
[ 7 ] CVE-2011-3872 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3872
[ 8 ] CVE-2012-1053 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1053
[ 9 ] CVE-2012-1054 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1054

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-03.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201203-03.xml

CWE : Common Weakness Enumeration

% Id Name
44 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-59 Improper Link Resolution Before File Access ('Link Following')
11 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
11 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13279
 
Oval ID: oval:org.mitre.oval:def:13279
Title: USN-917-1 -- puppet vulnerabilities
Description: It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files
Family: unix Class: patch
Reference(s): USN-917-1
CVE-2009-3564
CVE-2010-0156
Version: 5
Platform(s): Ubuntu 9.10
Product(s): puppet
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15153
 
Oval ID: oval:org.mitre.oval:def:15153
Title: DSA-2314-1 puppet -- multiple
Description: Multiple security issues have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid X.509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. CVE-2011-3870 Ricky Zhou discovered a potential local privilege escalation in the ssh_authorised_keys resource and theoretically in the Solaris and AIX providers, where file ownership was given away before it was written, leading to a possibility for a user to overwrite arbitrary files as root, if their authorised_keys file was managed. CVE-2011-3869 A predictable file name in the k5login type leads to the possibility of symlink attacks which would allow the owner of the home directory to symlink to anything on the system, and have it replaced with the "correct" content of the file, which can lead to a privilege escalation on puppet runs. CVE-2011-3871 A potential local privilege escalation was found in the --edit mode of "puppet resource" due to a persistant, predictable file name, which can result in editing an arbitrary target file, and thus be be tricked into running that arbitrary file as the invoking user. This command is most commonly run as root, this leads to a potential privilege escalation. Additionally, this update hardens the indirector file backed terminus base class against injection attacks based on trusted path names.
Family: unix Class: patch
Reference(s): DSA-2314-1
CVE-2011-3848
CVE-2011-3870
CVE-2011-3869
CVE-2011-3871
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): puppet
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15175
 
Oval ID: oval:org.mitre.oval:def:15175
Title: DSA-2419-1 puppet -- several
Description: Two vulnerabilities were discovered in Puppet, a centralized configuration management tool. CVE-2012-1053 Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation. CVE-2012-1054 The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.
Family: unix Class: patch
Reference(s): DSA-2419-1
CVE-2012-1053
CVE-2012-1054
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): puppet
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15218
 
Oval ID: oval:org.mitre.oval:def:15218
Title: USN-1372-1 -- Puppet vulnerabilities
Description: puppet: Centralized configuration management Puppet could be made to overwrite files and run programs with administrator privileges.
Family: unix Class: patch
Reference(s): USN-1372-1
CVE-2012-1053
CVE-2012-1054
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 10.10
Product(s): Puppet
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15307
 
Oval ID: oval:org.mitre.oval:def:15307
Title: DSA-2352-1 puppet -- programming error
Description: It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the "certdnsnames" option was used. This could lead to man in the middle attacks
Family: unix Class: patch
Reference(s): DSA-2352-1
CVE-2011-3872
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): puppet
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20526
 
Oval ID: oval:org.mitre.oval:def:20526
Title: USN-1217-1 -- puppet vulnerability
Description: An attacker could send crafted input to puppet and cause it to overwrite files.
Family: unix Class: patch
Reference(s): USN-1217-1
CVE-2011-3848
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Product(s): puppet
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20948
 
Oval ID: oval:org.mitre.oval:def:20948
Title: USN-1223-1 -- puppet vulnerabilities
Description: Puppet could be made to overwrite files and run programs with administrator privileges.
Family: unix Class: patch
Reference(s): USN-1223-1
CVE-2011-3869
CVE-2011-3870
CVE-2011-3871
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Product(s): puppet
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21191
 
Oval ID: oval:org.mitre.oval:def:21191
Title: USN-1223-2 -- puppet regression
Description: USN-1223-1 caused a regression with managing SSH authorized_keys files.
Family: unix Class: patch
Reference(s): USN-1223-2
CVE-2011-3869
CVE-2011-3870
CVE-2011-3871
Version: 5
Platform(s): Ubuntu 10.04
Product(s): puppet
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21321
 
Oval ID: oval:org.mitre.oval:def:21321
Title: USN-1238-1 -- puppet vulnerability
Description: The Puppet master server could be impersonated in certain configurations.
Family: unix Class: patch
Reference(s): USN-1238-1
CVE-2011-3872
Version: 5
Platform(s): Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Product(s): puppet
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 50
Application 8
Application 2
Application 1

OpenVAS Exploits

Date Description
2012-08-30 Name : Fedora Update for puppet FEDORA-2012-2325
File : nvt/gb_fedora_2012_2325_puppet_fc17.nasl
2012-07-30 Name : Fedora Update for puppet FEDORA-2012-10897
File : nvt/gb_fedora_2012_10897_puppet_fc16.nasl
2012-04-30 Name : Fedora Update for puppet FEDORA-2012-6055
File : nvt/gb_fedora_2012_6055_puppet_fc15.nasl
2012-04-30 Name : Fedora Update for puppet FEDORA-2012-5999
File : nvt/gb_fedora_2012_5999_puppet_fc16.nasl
2012-04-02 Name : Fedora Update for puppet FEDORA-2012-2415
File : nvt/gb_fedora_2012_2415_puppet_fc16.nasl
2012-04-02 Name : Fedora Update for puppet FEDORA-2011-13623
File : nvt/gb_fedora_2011_13623_puppet_fc16.nasl
2012-03-19 Name : Fedora Update for puppet FEDORA-2011-14880
File : nvt/gb_fedora_2011_14880_puppet_fc16.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201203-03 (puppet)
File : nvt/glsa_201203_03.nasl
2012-03-12 Name : Fedora Update for puppet FEDORA-2012-2367
File : nvt/gb_fedora_2012_2367_puppet_fc15.nasl
2012-03-12 Name : Debian Security Advisory DSA 2419-1 (puppet)
File : nvt/deb_2419_1.nasl
2012-03-09 Name : Ubuntu Update for puppet USN-1372-1
File : nvt/gb_ubuntu_USN_1372_1.nasl
2012-02-11 Name : Debian Security Advisory DSA 2352-1 (puppet)
File : nvt/deb_2352_1.nasl
2011-11-21 Name : Fedora Update for puppet FEDORA-2011-14994
File : nvt/gb_fedora_2011_14994_puppet_fc15.nasl
2011-11-21 Name : Fedora Update for puppet FEDORA-2011-15000
File : nvt/gb_fedora_2011_15000_puppet_fc14.nasl
2011-10-31 Name : Ubuntu Update for puppet USN-1238-1
File : nvt/gb_ubuntu_USN_1238_1.nasl
2011-10-31 Name : Ubuntu Update for puppet USN-1238-2
File : nvt/gb_ubuntu_USN_1238_2.nasl
2011-10-18 Name : Fedora Update for puppet FEDORA-2011-13636
File : nvt/gb_fedora_2011_13636_puppet_fc15.nasl
2011-10-18 Name : Fedora Update for puppet FEDORA-2011-13633
File : nvt/gb_fedora_2011_13633_puppet_fc14.nasl
2011-10-16 Name : Debian Security Advisory DSA 2314-1 (puppet)
File : nvt/deb_2314_1.nasl
2011-10-10 Name : Ubuntu Update for puppet USN-1223-2
File : nvt/gb_ubuntu_USN_1223_2.nasl
2011-10-04 Name : Ubuntu Update for puppet USN-1223-1
File : nvt/gb_ubuntu_USN_1223_1.nasl
2011-09-30 Name : Ubuntu Update for puppet USN-1217-1
File : nvt/gb_ubuntu_USN_1217_1.nasl
2010-03-31 Name : Ubuntu Update for puppet vulnerabilities USN-917-1
File : nvt/gb_ubuntu_USN_917_1.nasl
2010-03-05 Name : Fedora Update for puppet FEDORA-2010-1372
File : nvt/gb_fedora_2010_1372_puppet_fc12.nasl
2010-03-05 Name : Fedora Update for puppet FEDORA-2010-1079
File : nvt/gb_fedora_2010_1079_puppet_fc11.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
76623 Puppet certdnsnames Puppet Master Impersonation Weakness

76018 Puppet X.509 Certificate Signing Request Parsing Traversal Arbitrary File Ove...

75989 Puppet Resource --edit Mode Arbitrary Puppet Code Execution

75988 Puppet k5login File Handling Symlink k5login Overwrite

75986 Puppet Race Condition SSH authorized_keys File Handing Symlink Arbitrary File...

62752 Puppet Multiple Temporary File Symlink Arbitrary File Overwrite

Puppet contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program using temporary files insecurely. It is possible for an attacker to use a symlink attack to overwrite arbitrary files.
58657 Puppet puppetmasterd Supplementary Group Permission Retention Weakness

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_puppet-111110.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_puppet-111005.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_puppet-111110.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_puppet-111005.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-369.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-53.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-11.nasl - Type : ACT_GATHER_INFO
2012-03-12 Name : The remote Fedora host is missing a security update.
File : fedora_2012-2325.nasl - Type : ACT_GATHER_INFO
2012-03-12 Name : The remote Fedora host is missing a security update.
File : fedora_2012-2367.nasl - Type : ACT_GATHER_INFO
2012-03-12 Name : The remote Fedora host is missing a security update.
File : fedora_2012-2415.nasl - Type : ACT_GATHER_INFO
2012-03-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201203-03.nasl - Type : ACT_GATHER_INFO
2012-03-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_puppet-120224.nasl - Type : ACT_GATHER_INFO
2012-02-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2419.nasl - Type : ACT_GATHER_INFO
2012-02-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1372-1.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_puppet-111111.nasl - Type : ACT_GATHER_INFO
2011-11-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2352.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14880.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14994.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15000.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1238-1.nasl - Type : ACT_GATHER_INFO
2011-10-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13623.nasl - Type : ACT_GATHER_INFO
2011-10-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13636.nasl - Type : ACT_GATHER_INFO
2011-10-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13633.nasl - Type : ACT_GATHER_INFO
2011-10-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1223-2.nasl - Type : ACT_GATHER_INFO
2011-10-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2314.nasl - Type : ACT_GATHER_INFO
2011-10-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1223-1.nasl - Type : ACT_GATHER_INFO
2011-09-29 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1217-1.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_puppet-100310.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1079.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1372.nasl - Type : ACT_GATHER_INFO
2010-06-02 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_puppet-100305.nasl - Type : ACT_GATHER_INFO
2010-06-02 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_puppet-100305.nasl - Type : ACT_GATHER_INFO
2010-03-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-917-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:37:13
  • Multiple Updates