Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2012-3864
Last Modified 10 Oct 2014 12:55:47
Published 06 Aug 2012 12:55:06
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-3864

Summary

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.

Vulnerable Systems

Application

  • Puppetlabs Puppet 2.5.1

  • Puppetlabs Puppet 2.6.0

  • Puppetlabs Puppet 2.6.1

  • Puppetlabs Puppet 2.6.10

  • Puppetlabs Puppet 2.6.11

  • Puppetlabs Puppet 2.6.12

  • Puppetlabs Puppet 2.6.13

  • Puppetlabs Puppet 2.6.14

  • Puppetlabs Puppet 2.6.15

  • Puppetlabs Puppet 2.6.16

  • Puppetlabs Puppet 2.6.2

  • Puppetlabs Puppet 2.6.3

  • Puppetlabs Puppet 2.6.4

  • Puppetlabs Puppet 2.6.5

  • Puppetlabs Puppet 2.6.6

  • Puppetlabs Puppet 2.6.7

  • Puppetlabs Puppet 2.6.8

  • Puppetlabs Puppet 2.6.9

  • Puppetlabs Puppet 2.7.0

  • Puppetlabs Puppet 2.7.1

  • Puppetlabs Puppet 2.7.10

  • Puppetlabs Puppet 2.7.11

  • Puppetlabs Puppet 2.7.12

  • Puppetlabs Puppet 2.7.13

  • Puppetlabs Puppet 2.7.14

  • Puppetlabs Puppet 2.7.16

  • Puppetlabs Puppet 2.7.17

  • Puppetlabs Puppet 2.7.2

  • Puppetlabs Puppet 2.7.3

  • Puppetlabs Puppet 2.7.4

  • Puppetlabs Puppet 2.7.5

  • Puppetlabs Puppet 2.7.6

  • Puppetlabs Puppet 2.7.7

  • Puppetlabs Puppet 2.7.8

  • Puppetlabs Puppet 2.7.9


References

CONFIRM - https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87

CONFIRM - https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=839130

CONFIRM - http://puppetlabs.com/security/cve/cve-2012-3864/

UBUNTU - USN-1506-1

DEBIAN - DSA-2511

SUSE - SUSE-SU-2012:0983

SECUNIA - 50014

SUSE - openSUSE-SU-2012:0891

Related Patches

Novell SUSE 2012:6561 puppet security update for SLE 11 SP1 i586

Novell SUSE 2012:6561 puppet security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:53:34