what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2012-1987

Status Candidate

Overview

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.

Related Files

Red Hat Security Advisory 2012-1542-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1542-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. Multiple input validation vulnerabilities were discovered in rubygem-activerecored. A remote attacker could possibly use these flaws to perform an SQL injection attack against an application using rubygem-activerecord. Multiple cross-site scripting flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.

tags | advisory, remote, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-2139, CVE-2012-2140, CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-3864, CVE-2012-3865, CVE-2012-3867
SHA-256 | f96ce0acf37d0bdcad39fc2ad186927a862b5bffbd7f653a2b6e60984426c0c4
Gentoo Linux Security Advisory 201208-02
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-2 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.13 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989
SHA-256 | 34e2e5b7d34db5d93643e67dcebb7c67afd870204a7c4b3718e99acee2ae0d8b
Debian Security Advisory 2451-1
Posted Apr 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988
SHA-256 | 35b59b4216bedd63d45392644a9587d40ba5845a85bf2717988463a587882a20
Ubuntu Security Notice USN-1419-1
Posted Apr 11, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, apple, osx, ubuntu
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989, CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989
SHA-256 | b321c92d30665135abf19544c4c759a8dc26d73f6d998793727b56e0115999ac
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close