Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities

medium Nessus Plugin ID 73132

Synopsis

A web application on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities:

- An input validation error exists related to the included Ruby version, handling string to floating point conversions that could allow denial of service attacks or arbitrary code execution. (CVE-2013-4164)

- An error exists related to the included RubyGems version and 'gem build', 'Gem::Package', and 'Gem::PackageTask' API calls that could allow denial of service attacks. (CVE-2013-4363)

- An error exists in the 'i18n' gem for Ruby that could allow cross-site scripting attacks. (CVE-2013-4491)

- An error exists related to handling temporary files that could allow a local attacker to overwrite files by using a symlink attack. (CVE-2013-4969)

- An error exists related to the included Ruby on Rails, 'Action View', and handling certain headers that could allow denial of service attacks. (CVE-2013-6414)

- An input validation error exists related to the included Ruby on Rails and the 'unit' parameter in the 'number_to_currency' helper that could allow cross-site scripting attacks. (CVE-2013-6415)

- An input validation error exists related to the included Ruby on Rails, JSON parameter parsing and SQL queries that could allow SQL injection attacks. (CVE-2013-6417)

Solution

Upgrade to Puppet Enterprise 3.1.1 or later.

See Also

https://puppet.com/security/cve/cve-2013-4969

https://puppet.com/security/cve/cve-2013-6417

https://groups.google.com/forum/#!topic/puppet-users/f_gybceSV6E

https://puppet.com/security/cve/cve-2013-4164

https://puppet.com/security/cve/cve-2013-4363

https://puppet.com/security/cve/cve-2013-4491

https://puppet.com/security/cve/cve-2013-6414

https://puppet.com/security/cve/cve-2013-6415

Plugin Details

Severity: Medium

ID: 73132

File Name: puppet_enterprise_311.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 3/21/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Ease: No exploit is required

Patch Publication Date: 3/12/2013

Vulnerability Publication Date: 9/9/2013

Reference Information

CVE: CVE-2013-4164, CVE-2013-4363, CVE-2013-4491, CVE-2013-4969, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417

BID: 62442, 63873, 64552, 64076, 64077, 64074, 64106

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990