Puppet 2.7.x / 3.2.x < 2.7.23 / 3.2.4 and Enterprise 2.8.x / 3.0.x < 2.8.3 / 3.0.1 Multiple Vulnerabilities

medium Nessus Plugin ID 70661

Synopsis

A web application on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Puppet install on the remote host has multiple vulnerabilities:

- By using the 'resource_type' service, an attacker could cause Puppet to load arbitrary Ruby files from the Puppet Master node's file system. While this behavior is not enabled by default, 'auth.conf' settings could be modified to allow it. The exploit requires local file system access to the Puppet Master. (CVE-2013-4761)

- Puppet Module Tool (PMT) installs modules with weak permissions if those permissions were used when the modules were originally built. This could allow attackers to bypass certain security restrictions and perform unauthorized actions. (CVE-2013-4956)
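For the PMT issue (CVE-2013-4956), the following Ruby audit is an added example, not code from the plugin or from Puppet. It lists files and directories under an installed module tree that carry weak permission bits and can strip those bits. It assumes "weak" means group- or world-writable, that the caller supplies the module directory, and the names `weak_module_entries` and `tighten!` are hypothetical.

```ruby
require 'find'

# Assumption: "weak" means writable by group or others (mode bits 0020 / 0002).
WEAK_BITS = 0o022

# Returns a sorted array of [path, octal-mode-string] for every file or
# directory under module_dir that is group- or world-writable. Symlinks are
# skipped because their own mode bits are not meaningful.
def weak_module_entries(module_dir)
  findings = []
  Find.find(module_dir) do |path|
    st = File.lstat(path)
    next if st.symlink?
    mode = st.mode & 0o7777
    findings << [path, format('%04o', mode)] unless (mode & WEAK_BITS).zero?
  end
  findings.sort
end

# Clears only the offending bits on each finding; owner bits, setuid/setgid
# and sticky bits are left as they were.
def tighten!(findings)
  findings.each do |path, mode|
    File.chmod(mode.to_i(8) & ~WEAK_BITS, path)
  end
end

# CLI use: ruby audit.rb MODULE_DIR [...]; prints "MODE PATH" per finding.
ARGV.select { |d| File.directory?(d) }.each do |dir|
  weak_module_entries(dir).each { |path, mode| puts "#{mode} #{path}" }
end
```

Run it read-only first and review the findings before calling `tighten!`, since some deployments rely on group write access to module directories.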

Solution

Upgrade to Puppet 2.7.23 / 3.2.4 or Puppet Enterprise 2.8.3 / 3.0.1 or later.

See Also

https://puppet.com/security/cve/cve-2013-4761

https://puppet.com/security/cve/cve-2013-4956

http://www.nessus.org/u?c65953c7

Plugin Details

Severity: Medium

ID: 70661

File Name: puppet_2_7_23.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 10/28/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Ease: No exploit is required

Patch Publication Date: 8/15/2013

Vulnerability Publication Date: 8/15/2013

Reference Information

CVE: CVE-2013-4761, CVE-2013-4956

BID: 61805, 61806