Puppet Multiple Security Vulnerabilities
BID:52975
CVE-2012-1987 |Info
Puppet Multiple Security Vulnerabilities
| Bugtraq ID: | 52975 |
| Class: | Unknown |
| CVE: |
CVE-2012-1906 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 CVE-2012-1989 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 11 2012 12:00AM |
| Updated: | Apr 13 2015 09:16PM |
| Credit: | The vendor reported these issues. |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 11.04 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.10 Ubuntu Ubuntu Linux 10.04 LTS Redhat CloudForms 0 Puppetlabs Puppet Enterprise 2.0.3 Puppetlabs Puppet Enterprise 2.0.2 Puppetlabs Puppet Enterprise 1.2 Puppetlabs Puppet Enterprise 1.1 Puppetlabs Puppet Enterprise 1.0 Puppetlabs Puppet Enterprise 2.0 Puppetlabs Puppet 2.7.11 Puppetlabs Puppet 2.7.10 Puppetlabs Puppet 2.7.5 Puppetlabs Puppet 2.7.4 Puppetlabs Puppet 2.6.14 Puppetlabs Puppet 2.6.13 Puppetlabs Puppet 2.6.11 Puppetlabs Puppet 2.6.10 Puppetlabs Puppet 2.6 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 |
| Not Vulnerable: |
Redhat CloudForms 1.1 Puppetlabs Puppet Enterprise 2.5.1 Puppetlabs Puppet 2.7.13 Puppetlabs Puppet 2.6.15 |
Exploit / POC
Puppet Multiple Security Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Puppet Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Puppet Multiple Security Vulnerabilities
References:
References:
- Puppet Homepage (Puppet Labs)
- CVE-2012-1906 (Arbitrary Code Execution) (Puppet Labs)
- CVE-2012-1986 (Arbitrary File Read Access) (Puppet Labs)
- CVE-2012-1987 (Denial of Service) (Puppet Labs)
- CVE-2012-1988 (Arbitrary Code Execution) (Puppet Labs)
- CVE-2012-1989 (Arbitrary File Write Access) (Puppet Labs)
- RHSA-2012:1542 (Red Hat)