Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4966

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2013-4966
Last Modified 10 Mar 2014 10:42:19
Published 09 Mar 2014 09:16:56
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-4966

Summary

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.

Vulnerable Systems

Application

  • Puppetlabs Puppet 3.0.0

  • Puppetlabs Puppet 3.0.1

  • Puppetlabs Puppet 3.1.0

  • Puppetlabs Puppet 3.1.1


References

SECTRACK - 1029873

CONFIRM - http://puppetlabs.com/security/cve/cve-2013-4966


Last Updated: 27 May 2016 10:57:38