CVE-2012-1987
Summary
| CVE | CVE-2012-1987 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-05-29 20:55:00 UTC |
| Updated | 2019-07-11 15:09:00 UTC |
| Description | Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Puppet | Puppet | 2.6.0 | All | All | All |
| Application | Puppet | Puppet | 2.6.1 | All | All | All |
| Application | Puppet | Puppet | 2.6.10 | All | All | All |
| Application | Puppet | Puppet | 2.6.11 | All | All | All |
| Application | Puppet | Puppet | 2.6.12 | All | All | All |
| Application | Puppet | Puppet | 2.6.13 | All | All | All |
| Application | Puppet | Puppet | 2.6.14 | All | All | All |
| Application | Puppet | Puppet | 2.6.2 | All | All | All |
| Application | Puppet | Puppet | 2.6.3 | All | All | All |
| Application | Puppet | Puppet | 2.6.4 | All | All | All |
| Application | Puppet | Puppet | 2.6.5 | All | All | All |
| Application | Puppet | Puppet | 2.6.6 | All | All | All |
| Application | Puppet | Puppet | 2.6.7 | All | All | All |
| Application | Puppet | Puppet | 2.6.8 | All | All | All |
| Application | Puppet | Puppet | 2.6.9 | All | All | All |
| Application | Puppet | Puppet | 2.7.10 | All | All | All |
| Application | Puppet | Puppet | 2.7.11 | All | All | All |
| Application | Puppet | Puppet | 2.7.2 | All | All | All |
| Application | Puppet | Puppet | 2.7.3 | All | All | All |
| Application | Puppet | Puppet | 2.7.4 | All | All | All |
| Application | Puppet | Puppet | 2.7.5 | All | All | All |
| Application | Puppet | Puppet | 2.7.6 | All | All | All |
| Application | Puppet | Puppet | 2.7.7 | All | All | All |
| Application | Puppet | Puppet | 2.7.8 | All | All | All |
| Application | Puppet | Puppet | 2.7.9 | All | All | All |
| Application | Puppet | Puppet Enterprise | 1.2.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 1.2.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 1.2.2 | All | All | All |
| Application | Puppet | Puppet Enterprise | 1.2.3 | All | All | All |
| Application | Puppet | Puppet Enterprise | 1.2.4 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.0.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.0.1 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.0.2 | All | All | All |
| Application | Puppet | Puppet Enterprise | 2.5.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.1 | All | All | All |
| Application | Puppetlabs | Puppet Enterprise Users | 1.0 | All | All | All |
| Application | Puppetlabs | Puppet Enterprise Users | 1.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Puppet Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| openSUSE-SU-2012:0608 | SUSE | hermes.opensuse.org | |
| CVE-2011-3872 - Altnames Vulnerability Hotfix \| Puppet Labs | CONFIRM | puppetlabs.com | |
| CVE-2012-1987 \| Puppet Labs | CONFIRM | puppetlabs.com | Vendor Advisory |
| Security Alerts - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Release Notes - Puppet - Puppet Labs | CONFIRM | projects.puppetlabs.com | |
| Bug #13553: Puppet master can be cause to read data until it is out of memory - Puppet - Puppet Labs | MISC | projects.puppetlabs.com | Vendor Advisory |
| USN-1419-1: Puppet vulnerabilities \| Ubuntu | UBUNTU | ubuntu.com | |
| Debian -- Security Information -- DSA-2451-1 puppet | DEBIAN | www.debian.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Bug #13552: Puppet master will save files to any place on disk - Puppet - Puppet Labs | MISC | projects.puppetlabs.com | Vendor Advisory |
| Security Alerts - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| openSUSE-SU-2012:0835 | SUSE | hermes.opensuse.org | |
| [SECURITY] Fedora 17 Update: puppet-2.7.13-1.fc17 | FEDORA | lists.fedoraproject.org | |
| Security Alerts - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| [SECURITY] Fedora 15 Update: puppet-2.6.16-1.fc15 | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 16 Update: puppet-2.6.16-1.fc16 | FEDORA | lists.fedoraproject.org | |
| 81308 | OSVDB | www.osvdb.org | |
| Security Alerts - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 996701 Rubygems (Rubygems) Security Update for puppet (GHSA-v58w-6xc2-w799)