Puppet Enterprise 3.7.x < 3.8.1 / 3.8.x < 3.8.1 Multiple Vulnerabilities

medium Nessus Plugin ID 84961

Synopsis

A web application on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Puppet Enterprise application running on the remote host is version 3.7.x or 3.8.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities:

- A flaw exists in RubyGems due to a failure to validate hostnames when fetching gems or making API requests. A remote attacker, using a crafted DNS SRV record, can exploit this to redirect requests to arbitrary domains. (CVE-2015-3900)

- A flaw exists in RubyGems due to a failure to sanitize DNS responses, which allows a man-in-the-middle attacker to install arbitrary applications. (CVE-2015-4020)

- A flaw exists in Puppet Enterprise related to how certificates are managed which, under certain vulnerable configurations, allows a trusted certificate to be used to perform full certificate management. An attacker can exploit this flaw to revoke the certificates of other nodes or to approve their certificate requests. (CVE-2015-4100)

Note that the default 'monolithic', 'split', and 'multimaster' installations of Puppet Enterprise are not affected by CVE-2015-4100.

Solution

Upgrade to Puppet Enterprise 3.8.1 or later.

See Also

https://puppet.com/security/cve/CVE-2015-4100

http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html

https://groups.google.com/forum/#!topic/puppet-announce/mnV70g2PttQ

Plugin Details

Severity: Medium

ID: 84961

File Name: puppet_enterprise_cve_2015-4100.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 7/23/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2015-3900

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Ease: No exploit is required

Patch Publication Date: 6/18/2015

Vulnerability Publication Date: 5/14/2015

Reference Information

CVE: CVE-2015-3900, CVE-2015-4020, CVE-2015-4100

BID: 75431, 75482