Amazon Linux AMI : puppet Multiple Vulnerabilities (ALAS-2012-75)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

When issuing a REST request for a file from a remote filebucket, it is
possible to override the puppet master's defined location for
filebucket storage. A user with an authorized SSL key and the ability
to construct directories and symlinks on the puppet master can thus
read any file that the puppet master's user account has access to.

Using the symlink vulnerability described above, the puppet master can
be caused to read from a stream (e.g. /dev/random) when trying to read
or write a file. Due to the way Puppet sends files via REST requests,
the thread handling the request will block forever, reading from the
stream and continually consuming more memory. This can lead to the
puppet master system running out of memory, causing a denial of
service. In order to do this, the attacker needs access to agent SSL
keys and the ability to create directories and symlinks on the puppet
master system.

If a file whose full path contains an executable command string is
created on the puppet master system, it is possible to cause Puppet to
execute the embedded command by crafting a malicious file bucket
request. This requires access to agent SSL keys and the ability to
create directories and files on the puppet master system.

See also :

http://puppetlabs.com/security/cve/cve-2012-1986/
http://puppetlabs.com/security/cve/cve-2012-1987/
http://puppetlabs.com/security/cve/cve-2012-1988/
http://www.nessus.org/u?ba2e6084

Solution :

Run 'yum update puppet' to update your system.

Risk factor :

High

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69682
