Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3408

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-3408
Last Modified 07 Aug 2012 12:00:00
Published 06 Aug 2012 12:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-3408

Summary

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

Vulnerable Systems

Application

  • Puppetlabs Puppet 2.5.1

  • Puppetlabs Puppet 2.7.0

  • Puppetlabs Puppet 2.7.1

  • Puppetlabs Puppet 2.7.10

  • Puppetlabs Puppet 2.7.11

  • Puppetlabs Puppet 2.7.12

  • Puppetlabs Puppet 2.7.13

  • Puppetlabs Puppet 2.7.14

  • Puppetlabs Puppet 2.7.16

  • Puppetlabs Puppet 2.7.17

  • Puppetlabs Puppet 2.7.2

  • Puppetlabs Puppet 2.7.3

  • Puppetlabs Puppet 2.7.4

  • Puppetlabs Puppet 2.7.5

  • Puppetlabs Puppet 2.7.6

  • Puppetlabs Puppet 2.7.8

  • Puppetlabs Puppet 2.7.9


References

CONFIRM - https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=839166

CONFIRM - http://puppetlabs.com/security/cve/cve-2012-3408/


Last Updated: 27 May 2016 10:53:34