According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1.  As a result, it is reportedly affected by multiple vulnerabilities :

  - An input validation error exists related to the     included Ruby version, handling string to floating point     conversions that could allow denial of service attacks     or arbitrary code execution. (CVE-2013-4164)

  - An error exists related to the included RubyGems     version and 'gem build', 'Gem::Package', and     'Gem::PackageTask' API calls that could allow denial     of service attacks. (CVE-2013-4363)

  - An error exists in the 'i18n' gem for Ruby that could     allow cross-site scripting attacks. (CVE-2013-4491)

  - An error exists related to handling temporary files     that could allow a local attacker to overwrite files by     using a symlink attack. (CVE-2013-4969)

  - An error exists related to the included Ruby on Rails,     'Action View', and handling certain headers that could     allow denial of service attacks. (CVE-2013-6414)

  - An input validation error exists related to the     included Ruby on Rails and the 'unit' parameter in the     'number_to_currency' helper that could allow cross-site     scripting attacks. (CVE-2013-6415)

  - An input validation error exists related to the     included Ruby on Rails, JSON parameter parsing and SQL     queries that could allow SQL injection attacks.
    (CVE-2013-6417)

Update to 3.4.2 to mitigate CVE-2013-4969

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been discovered and corrected in puppet :

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files (CVE-2013-4969).

The updated packages have been upgraded to the 2.7.25 version which is not vulnerable to this issue.

An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.

According to its self-reported version number, the Puppet install on the remote host is potentially affected by an error related to temporary files and their use.  A local attacker could potentially use a symlink attack to overwrite arbitrary files.

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Puppet was updated to fix the following security issues :

  - Unsafe use of temporary files. (CVE-2013-4969)

  - Arbitrary code execution with required social     engineering. (CVE-2014-3248 / CVE-2014-3250)

ID	Name	Product	Family	Published	Updated	Severity
73132	Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities	Nessus	CGI abuses	3/21/2014	1/19/2021	medium
72113	Fedora 19 : puppet-3.4.2-1.fc19 (2014-0850)	Nessus	Fedora Local Security Checks	1/24/2014	1/11/2021	low
72112	Fedora 20 : puppet-3.4.2-1.fc20 (2014-0825)	Nessus	Fedora Local Security Checks	1/24/2014	1/11/2021	low
72564	Mandriva Linux Security Advisory : puppet (MDVSA-2014:040)	Nessus	Mandriva Local Security Checks	2/19/2014	1/6/2021	low
71779	Debian DSA-2831-1 : puppet - insecure temporary files	Nessus	Debian Local Security Checks	1/2/2014	1/11/2021	low
72151	Puppet Symlink File Overwrite	Nessus	CGI abuses	1/27/2014	1/19/2021	low
72306	Amazon Linux AMI : puppet (ALAS-2014-288)	Nessus	Amazon Linux Local Security Checks	2/5/2014	4/18/2018	low
71837	Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : puppet vulnerability (USN-2077-1)	Nessus	Ubuntu Local Security Checks	1/7/2014	1/19/2021	low
76424	SuSE 11.3 Security Update : puppet (SAT Patch Number 9472)	Nessus	SuSE Local Security Checks	7/9/2014	1/19/2021	medium

Detections

Analytics

Plugins Search

medium

low

low

low

low

low

low

low

medium