You are here

V-111: Multiple vulnerabilities have been reported in Puppet

March 14, 2013 - 12:12am

Addthis

PROBLEM:

Multiple vulnerabilities have been reported in Puppet

PLATFORM:

Puppet 2.x
Puppet 3.x
Puppet Enterprise 1.x
Puppet Enterprise 2.x

ABSTRACT:

Puppet Multiple Vulnerabilities

REFERENCE LINKS:

Puppet Blog
Secunia Advisory  SA52596
CVE-2013-1640
CVE-2013-1652
CVE-2013-1653
CVE-2013-1654
CVE-2013-1655
CVE-2013-2274
CVE-2013-2275

IMPACT ASSESSMENT:

High

DISCUSSION:

1) An unspecified error exists when invoking the "template" or "inline_template" functions while responding to a catalog request and can be exploited to execute arbitrary code via a specially crafted catalog request.

2) An input validation error exists in the application and can be exploited to e.g. gain unauthorized access to arbitrary catalogs from the master.

3) An unspecified error exists in the application and can be exploited to execute arbitrary code on agents via a specially crafted HTTP request.

Successful exploitation of this vulnerability requires listening for incoming connections and permission to access the "run" REST endpoint (disabled by default).

4) An error when handling serialized attributes can be exploited to execute arbitrary code.

5) An unspecified error exists in the application and can be exploited to execute arbitrary code via a specially crafted HTTP PUT request.

Successful exploitation of this vulnerability on an agent requires "puppet kick" to be enabled.

Please see the vendor's advisories for a list of affected versions.

IMPACT:

Vulnerabilities can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system and by malicious people to compromise a vulnerable system.

SOLUTION:

Update to a fixed version.

Addthis