Puppet Unauthenticated Remote Code Execution

high Nessus Plugin ID 70662

Synopsis

A web application on the remote host has a code execution vulnerability.

Description

According to its self-reported version number, the Puppet install on the remote host has a remote code execution vulnerability. When handling REST API calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted so that deserialization constructs an instance of any class available in the Ruby process, which allows an attacker to execute code contained in the payload.
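The deserialization behaviour described above, shown next to a restricted alternative. This is an added example, not code from Puppet or from the Nessus plugin; the class `ReportStub`, the helpers `permissive_load` and `hardened_load`, and both sample documents are constructed for illustration.

```ruby
require 'yaml'

# Constructed stand-in for "any class available in the Ruby process".
class ReportStub
  attr_reader :host
end

# Constructed sample documents (not taken from the advisory).
PLAIN_DOC  = "host: agent01.example.test\nstatus: changed\n"
TAGGED_DOC = "--- !ruby/object:ReportStub\nhost: agent01.example.test\n"

# Permissive deserialization: honours !ruby/object tags, so the sender of the
# document chooses which class gets instantiated. Newer Psych releases expose
# this behaviour as unsafe_load; older ones do it in plain load.
def permissive_load(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# Restricted deserialization: only plain scalars, arrays and hashes are built,
# and the caller additionally requires a mapping at the top level.
# Returns [:ok, data] or [:rejected, reason].
def hardened_load(text)
  data = YAML.safe_load(text, permitted_classes: [], permitted_symbols: [], aliases: false)
  return [:rejected, 'top-level value must be a mapping'] unless data.is_a?(Hash)
  [:ok, data]
rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError => e
  [:rejected, "#{e.class}: #{e.message}"]
end

if __FILE__ == $PROGRAM_NAME
  puts "permissive, tagged: #{permissive_load(TAGGED_DOC).class}"
  puts "hardened, tagged:   #{hardened_load(TAGGED_DOC).inspect}"
  puts "hardened, plain:    #{hardened_load(PLAIN_DOC).inspect}"
end
```

The permissive loader returns a `ReportStub` instance chosen by the document itself, while the restricted loader rejects the same input and still accepts the plain mapping.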

Solution

Upgrade to Puppet 2.7.22 / 3.2.2 or Puppet Enterprise 2.8.2 or later.

See Also

https://puppet.com/security/cve/cve-2013-3567

Plugin Details

Severity: High

ID: 70662

File Name: puppet_cve_2013-3567.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 10/28/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Ease: No exploit is required

Patch Publication Date: 6/18/2013

Vulnerability Publication Date: 6/18/2013

Reference Information

CVE: CVE-2013-3567

BID: 60664