Detections
Analytics
Puppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities
medium Nessus Plugin ID 77281
Language:
Synopsis
A web application on the remote host is affected by multiple vulnerabilities.Description
According to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 2.8.x or 3.2.x. It is, therefore, affected by multiple vulnerabilities :- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224)
- The MCollective 'aes_security' plugin does not properly validate new server certificates. This allows a local attacker to spoof a valid MCollective connection. Note that this plugin is not enabled by default.
(CVE-2014-3251)
Solution
Upgrade to Puppet Enterprise 3.3.0 or later.In the case of the 2.8.x branch, please contact the vendor for guidance.
See Also
https://puppet.com/security/cve/cve-2014-0198
Plugin Details
Severity: Medium
ID: 77281
File Name: puppet_enterprise_330.nasl
Version: 1.9
Type: remote
Family: CGI abuses
Published: 8/20/2014
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.7
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2014-0224
Vulnerability Information
CPE: cpe:/a:puppetlabs:puppet
Required KB Items: puppet/rest_port
Exploit Available: true
Exploit Ease: No exploit is required
Patch Publication Date: 7/15/2014
Vulnerability Publication Date: 7/15/2014
Exploitable With
Core Impact