Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1654

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-1654
Last Modified 17 Jan 2014 12:13:33
Published 20 Mar 2013 12:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-1654

Summary

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 12.10

Application

  • Puppetlabs Puppet 2.7.0

  • Puppetlabs Puppet 2.7.1

  • Puppetlabs Puppet 2.7.10

  • Puppetlabs Puppet 2.7.11

  • Puppetlabs Puppet 2.7.12

  • Puppetlabs Puppet 2.7.13

  • Puppetlabs Puppet 2.7.14

  • Puppetlabs Puppet 2.7.16

  • Puppetlabs Puppet 2.7.17

  • Puppetlabs Puppet 2.7.18

  • Puppetlabs Puppet 2.7.19

  • Puppetlabs Puppet 2.7.2

  • Puppetlabs Puppet 2.7.20

  • Puppetlabs Puppet 2.7.3

  • Puppetlabs Puppet 2.7.4

  • Puppetlabs Puppet 2.7.5

  • Puppetlabs Puppet 2.7.6

  • Puppetlabs Puppet 2.7.7

  • Puppetlabs Puppet 2.7.8

  • Puppetlabs Puppet 2.7.9

  • Puppetlabs Puppet 3.1.0


References

CONFIRM - https://puppetlabs.com/security/cve/cve-2013-1654/

DEBIAN - DSA-2643

UBUNTU - USN-1759-1

SECUNIA - 52596

SUSE - openSUSE-SU-2013:0641

SUSE - SUSE-SU-2013:0618

REDHAT - RHSA-2013:0710

BID - 64758


Last Updated: 27 May 2016 11:02:06