Fedora 14 : puppet-2.6.6-3.fc14 (2011-13633)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

The following vulnerabilities have been discovered and fixed :

- CVE-2011-3870, a symlink attack via a user's SSH
authorized_keys file

- CVE-2011-3869, a symlink attack via a user's .k5login
file

- CVE-2011-3871, a privilege escalation attack via the
temp file used by the puppet resource application

- A low-risk file indirector injection attack

Further details can be found in the upstream announcement :

http://groups.google.com/group/puppet-announce/browse_thread/thread/91
e3b46d2328a1cb A vulnerability was discovered in puppet that would
allow an attacker to install a valid X509 Certificate Signing Request
at any location on disk, with the privileges of the Puppet Master
application. For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement :

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce
2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet
master is vulnerable to this issue. A vulnerability was discovered in
puppet that would allow an attacker to install a valid X509
Certificate Signing Request at any location on disk, with the
privileges of the Puppet Master application. For Fedora and EPEL, this
is the puppet user.

Further details can be found in the upstream announcement :

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce
2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet
master is vulnerable to this issue. A vulnerability was discovered in
puppet that would allow an attacker to install a valid X509
Certificate Signing Request at any location on disk, with the
privileges of the Puppet Master application. For Fedora and EPEL, this
is the puppet user.

Further details can be found in the upstream announcement :

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce
2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet
master is vulnerable to this issue. A vulnerability was discovered in
puppet that would allow an attacker to install a valid X509
Certificate Signing Request at any location on disk, with the
privileges of the Puppet Master application. For Fedora and EPEL, this
is the puppet user.

Further details can be found in the upstream announcement :

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce
2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet
master is vulnerable to this issue. A vulnerability was discovered in
puppet that would allow an attacker to install a valid X509
Certificate Signing Request at any location on disk, with the
privileges of the Puppet Master application. For Fedora and EPEL, this
is the puppet user.

Further details can be found in the upstream announcement :

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce
2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet
master is vulnerable to this issue.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?56b35af7
http://www.nessus.org/u?5b2f8e47
http://www.nessus.org/u?77854d50

Solution :

Update the affected puppet package.

Risk factor :

Medium / CVSS Base Score : 6.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C)

Family: Fedora Local Security Checks

Nessus Plugin ID: 56516 ()

Bugtraq ID:

CVE ID: CVE-2011-3869
CVE-2011-3870
CVE-2011-3871

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now