Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-3867
Last Modified: 10 Oct 2014 12:55:48
Published: 06 Aug 2012 12:55:06
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3867

Summary

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

Vulnerable Systems

Application

  • Puppetlabs Puppet 2.5.1

  • Puppetlabs Puppet 2.6.0

  • Puppetlabs Puppet 2.6.1

  • Puppetlabs Puppet 2.6.10

  • Puppetlabs Puppet 2.6.11

  • Puppetlabs Puppet 2.6.12

  • Puppetlabs Puppet 2.6.13

  • Puppetlabs Puppet 2.6.14

  • Puppetlabs Puppet 2.6.15

  • Puppetlabs Puppet 2.6.16

  • Puppetlabs Puppet 2.6.2

  • Puppetlabs Puppet 2.6.3

  • Puppetlabs Puppet 2.6.4

  • Puppetlabs Puppet 2.6.5

  • Puppetlabs Puppet 2.6.6

  • Puppetlabs Puppet 2.6.7

  • Puppetlabs Puppet 2.6.8

  • Puppetlabs Puppet 2.6.9

  • Puppetlabs Puppet 2.7.0

  • Puppetlabs Puppet 2.7.1

  • Puppetlabs Puppet 2.7.10

  • Puppetlabs Puppet 2.7.11

  • Puppetlabs Puppet 2.7.12

  • Puppetlabs Puppet 2.7.13

  • Puppetlabs Puppet 2.7.14

  • Puppetlabs Puppet 2.7.16

  • Puppetlabs Puppet 2.7.17

  • Puppetlabs Puppet 2.7.2

  • Puppetlabs Puppet 2.7.3

  • Puppetlabs Puppet 2.7.4

  • Puppetlabs Puppet 2.7.5

  • Puppetlabs Puppet 2.7.6

  • Puppetlabs Puppet 2.7.7

  • Puppetlabs Puppet 2.7.8

  • Puppetlabs Puppet 2.7.9


References

CONFIRM - https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50

CONFIRM - https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=839158

CONFIRM - http://puppetlabs.com/security/cve/cve-2012-3867/

UBUNTU - USN-1506-1

DEBIAN - DSA-2511

SUSE - SUSE-SU-2012:0983

SECUNIA - 50014

SUSE - openSUSE-SU-2012:0891

Related Patches

Novell SUSE 2012:6561 puppet security update for SLE 11 SP1 i586

Novell SUSE 2012:6561 puppet security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:53:34