This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
Several security vulnerabilities have been found in Puppet, a
centralized configuration management :
Authenticated clients could read arbitrary files on the
Authenticated clients could delete arbitrary files on
the puppet master.
The report of the most recent Puppet run was stored with
world readable permissions, resulting in information
Agent hostnames were insufficiently validated.
See also :
Upgrade the puppet packages.
For the stable distribution (squeeze), this problem has been fixed in
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false