RHEL 6 : puppet (RHSA-2013:0710)

high Nessus Plugin ID 234379

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for puppet.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0710 advisory.

Puppet allows provisioning, patching, and configuration of clients to be managed and automated.

A flaw was found in how Puppet handled certain HTTP PUT requests. An attacker with valid authentication credentials, and authorized to save to the authenticated client's own report, could construct a malicious request that could possibly cause the Puppet master to execute arbitrary code.
(CVE-2013-2274)

A flaw was found in how Puppet handled the template and inline_template functions during catalog compilation. If an authenticated attacker were to requests its catalog from the Puppet master, it could possibly result in arbitrary code execution when the catalog is compiled. (CVE-2013-1640)

A flaw was found in how Puppet handled certain HTTP GET requests. An attacker with valid authentication credentials could construct a request to retrieve catalogs from the Puppet master that they are not authorized to access. (CVE-2013-1652)

It was found that the default /etc/puppet/auth.conf configuration file allowed an authenticated node to submit a report for any other node, which could breach compliance requirements. (CVE-2013-2275)

It was found that the /var/log/puppet directory was created world-readable.
This could allow local users to obtain sensitive information from the Puppet log files. (CVE-2012-6120)

It was found that Puppet allowed the use of the SSLv2 protocol. A Puppet agent could use this to negotiate the use of the weak SSLv2 protocol for its connection to a Puppet master. (CVE-2013-1654)

Red Hat would like to thank Puppet Labs for reporting CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-2274, and CVE-2013-2275.

Note: In most default configurations these issues are not directly exploitable unless the attacker has access to the underlying OpenStack infrastructure (e.g. shell access to a Nova compute node).

Users of Red Hat OpenStack Folsom are advised to upgrade to these updated packages, which upgrade Puppet to version 2.6.18 and correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL puppet package based on the guidance in RHSA-2013:0710.

Plugin Details

Severity: High

ID: 234379

File Name: redhat-RHSA-2013-0710.nasl

Version: 1.1

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 4/15/2025

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2013-1640

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:puppet-server, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:puppet

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/4/2013

Vulnerability Publication Date: 9/17/2012

Reference Information

CVE: CVE-2012-6120, CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-2274, CVE-2013-2275

CWE: 502

RHSA: 2013:0710

Detections

Analytics