the original cloud security
Showing 1 - 6 of 6 RSS Feed

CVE-2013-4956

Status Candidate

Overview

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.

Related Files

Red Hat Security Advisory 2013-1284-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1284-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
MD5 | 465fc1948a0450b2d436ffea9e20625f
Red Hat Security Advisory 2013-1283-01
Posted Sep 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1283-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.

tags | advisory, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
MD5 | eb9c6325528af554e462d08715d10cb8
Debian Security Advisory 2761-1
Posted Sep 20, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2761-1 - Several vulnerabilities were discovered in puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-4761, CVE-2013-4956
MD5 | ebbf4f9bcba9ed995e3b3242da421ed0
Mandriva Linux Security Advisory 2013-222
Posted Aug 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-222 - It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker.

tags | advisory, arbitrary, local, ruby
systems | linux, mandriva
advisories | CVE-2013-4761, CVE-2013-4956
MD5 | 26d456c885f0459f3cc8ae86f86abe5c
Gentoo Linux Security Advisory 2013-08-04
Posted Aug 23, 2013
Site security.gentoo.org

Gentoo Linux Security Advisory 2013-08-04 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2012-6120, CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275, CVE-2013-3567, CVE-2013-4761, CVE-2013-4956
MD5 | b7bd9bc6b79ccc873e88b20f9c3dfd01
Ubuntu Security Notice USN-1928-1
Posted Aug 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1928-1 - It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were built, possibly exposing them to a local attacker. Various other issues were also addressed.

tags | advisory, arbitrary, local, ruby
systems | linux, ubuntu
advisories | CVE-2013-4761, CVE-2013-4956, CVE-2013-4761, CVE-2013-4956
MD5 | 969f63c53455add9cbcee4da7c7c1e5c
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close