RHEL 6 : ruby193-puppet (RHSA-2013:1284)

high Nessus Plugin ID 193828

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for ruby193-puppet.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1284 advisory.

Puppet allows provisioning, patching, and configuration of clients to be managed and automated.

A flaw was found in the way Puppet handled YAML content during Representational State Transfer (REST) API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. (CVE-2013-3567)

It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master. (CVE-2013-4761)

It was found that Puppet Module Tool (that is, running puppet module commands from the command line) applied incorrect permissions to installed modules. If a malicious, local user had write access to the Puppet module directory, they could use this flaw to modify the modules and therefore execute arbitrary code with the privileges of the Puppet master.
(CVE-2013-4956)

Red Hat would like to thank Puppet Labs for reporting these issues.
Upstream acknowledges Ben Murphy as the original reporter of CVE-2013-3567.

These ruby193-puppet packages are used by Foreman, which provides facilities for rapidly deploying Red Hat OpenStack 3.0. In this use case, Puppet master is used and exposed to these issues. Note that Foreman is provided as a Technology Preview. For more information on the scope and nature of support for items marked as Technology Preview, refer to https://access.redhat.com/support/offerings/techpreview/

Users of Red Hat OpenStack 3.0 are advised to upgrade to these updated packages, which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL ruby193-puppet package based on the guidance in RHSA-2013:1284.

Plugin Details

Severity: High

ID: 193828

File Name: redhat-RHSA-2013-1284.nasl

Version: 1.1

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 4/24/2024

Updated: 6/3/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-3567

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ruby193-puppet, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:ruby193-puppet-server

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 9/24/2013

Vulnerability Publication Date: 6/18/2013

Reference Information

CVE: CVE-2013-3567, CVE-2013-4761, CVE-2013-4956

CWE: 502

RHSA: 2013:1284

Detections

Analytics