what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2012-1986

Status Candidate

Overview

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

Related Files

Red Hat Security Advisory 2012-1542-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1542-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. Multiple input validation vulnerabilities were discovered in rubygem-activerecored. A remote attacker could possibly use these flaws to perform an SQL injection attack against an application using rubygem-activerecord. Multiple cross-site scripting flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.

tags | advisory, remote, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-2139, CVE-2012-2140, CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-3864, CVE-2012-3865, CVE-2012-3867
MD5 | e57ad96523b395ece603fe69fec783e1
Gentoo Linux Security Advisory 201208-02
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-2 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.13 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989
MD5 | fe3df529360a039d9bd339462a94dbad
Debian Security Advisory 2451-1
Posted Apr 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988
MD5 | 2c9a80b47d58210b03775dc110ae6eec
Ubuntu Security Notice USN-1419-1
Posted Apr 11, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, apple, osx, ubuntu
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989, CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989
MD5 | c04fc17bff68786d0e5e2e838af6ab31
Page 1 of 1
Back1Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    13 Files
  • 5
    Mar 5th
    9 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close