Puppet Enterprise < 3.0.1 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

A web application on the remote host has multiple vulnerabilities.

Description :

According to its self-reported version number, the Puppet Enterprise
install on the remote host is a version prior to 3.0.1. As a result,
it reportedly has multiple vulnerabilities:

- An error exists related to the included Ruby SSL client
that could allow man-in-the-middle attacks.
(CVE-2013-4073)

- An error exists related to the 'resource_type' service
that could allow a local attacker to cause arbitrary
Ruby files to be executed. (CVE-2013-4761)

- Multiple session vulnerabilities exist that could
allow an attacker to hijack an arbitrary session and
gain unauthorized access. (CVE-2013-4762, CVE-2013-4964)

- An error exists related to 'Puppet Module Tool' (PMT)
and improper permissions. (CVE-2013-4956)

- Multiple security bypass vulnerabilities exist that
could allow an attacker to gain unauthorized access
and perform sensitive transactions. (CVE-2013-4958,
CVE-2013-4962)

- Multiple information disclosure vulnerabilities exist
that could allow an attacker to access sensitive
information such as server software versions, MAC
addresses, SSH keys, and database passwords.
(CVE-2013-4959, CVE-2013-4961, CVE-2013-4967)

- An open-redirection vulnerability exists that could
allow an attacker to attempt a phishing attack.
(CVE-2013-4955)

- Clickjacking and cross-site scripting vulnerabilities
exist that could allow an attacker to trick users into
sending the attacker sensitive information such as
passwords. (CVE-2013-4968)

- A cross-site request forgery vulnerability exists that
could allow an attacker to manipulate a logged-in user's
browser to perform sensitive transactions on the user's
behalf. (CVE-2013-4963)

See also :

http://puppetlabs.com/security/cve/cve-2013-4073
http://puppetlabs.com/security/cve/cve-2013-4761
http://puppetlabs.com/security/cve/cve-2013-4762
http://puppetlabs.com/security/cve/cve-2013-4955
http://puppetlabs.com/security/cve/cve-2013-4956
http://puppetlabs.com/security/cve/cve-2013-4958
http://puppetlabs.com/security/cve/cve-2013-4959
http://puppetlabs.com/security/cve/cve-2013-4961
http://puppetlabs.com/security/cve/cve-2013-4962
http://puppetlabs.com/security/cve/cve-2013-4963
http://puppetlabs.com/security/cve/cve-2013-4964
http://puppetlabs.com/security/cve/cve-2013-4967
http://puppetlabs.com/security/cve/cve-2013-4968

Solution :

Upgrade to Puppet Enterprise 3.0.1 or later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true