Amazon Linux AMI : puppet Multiple Vulnerabilities (ALAS-2013-181)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A flaw was found in how Puppet handled certain HTTP PUT requests. An
attacker with valid authentication credentials, and authorized to save
to the authenticated client's own report, could construct a malicious
request that could possibly cause the Puppet master to execute
arbitrary code. (CVE-2013-2274)

A flaw was found in how Puppet handled the 'template' and
'inline_template' functions during catalog compilation. If an
authenticated attacker were to request its catalog from the Puppet
master, it could possibly result in arbitrary code execution when the
catalog is compiled. (CVE-2013-1640)

A flaw was found in how Puppet handled certain HTTP GET requests. An
attacker with valid authentication credentials could construct a
request to retrieve catalogs from the Puppet master that they are not
authorized to access. (CVE-2013-1652)

It was found that the default /etc/puppet/auth.conf configuration file
allowed an authenticated node to submit a report for any other node,
which could breach compliance requirements. (CVE-2013-2275)

It was found that the /var/log/puppet directory was created
world-readable. This could allow local users to obtain sensitive
information from the Puppet log files. (CVE-2012-6120)

It was found that Puppet allowed the use of the SSLv2 protocol. A
Puppet agent could use this to negotiate the use of the weak SSLv2
protocol for its connection to a Puppet master. (CVE-2013-1654)

See also :

http://www.nessus.org/u?f1a1c376

Solution :

Run 'yum update puppet' to update your system.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69740

Bugtraq ID:

CVE ID: CVE-2012-6120
CVE-2013-1640
CVE-2013-1652
CVE-2013-1654
CVE-2013-2274
CVE-2013-2275