Debian DSA-2352-1 : puppet - programming error

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Debian host is missing a security-related update.

Description :

It was discovered that Puppet, a centralized configuration management
solution, generated certificates incorrectly if the 'certdnsnames'
option was used. This could lead to man-in-the-middle attacks. More
details are available on the Puppet website.

See also :

http://puppetlabs.com/security/cve/cve-2011-3872/
https://packages.debian.org/source/squeeze/puppet
http://www.debian.org/security/2011/dsa-2352

Solution :

Upgrade the puppet packages.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.24.5-3+lenny2.

For the stable distribution (squeeze), this problem has been fixed in
version 2.6.2-5+squeeze3.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 2.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Debian Local Security Checks

Nessus Plugin ID: 56923

Bugtraq ID: 50356

CVE ID: CVE-2011-3872
