Puppet Enterprise < 3.1.0 Multiple Vulnerabilities

medium Nessus Plugin ID 70684

Synopsis

A web application on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Puppet Enterprise install on the remote host is a version prior to 3.1.0. As a result, it is reportedly affected by multiple vulnerabilities :

- An error exists related to the Fiddle and DL modules, '$SAFE' level verification and object handling that could allow an attacker to modify system calls.
(CVE-2013-2065)

- A remote code execution vulnerability exists that is triggered when handling a YAML report. This could allow a remote attacker to execute arbitrary code.
(CVE-2013-4957)

- A console account brute-force vulnerability exists that could allow an attacker to brute-force a known user's password. (CVE-2013-4965)

- A RubyGems algorithmic complexity denial of service vulnerability exists that could allow an attacker to cause a denial of service through CPU consumption.
(CVE-2013-4287)

Solution

Upgrade to Puppet Enterprise 3.1.0 or later.

See Also

https://puppet.com/security/cve/cve-2013-2065

https://puppet.com/security/cve/cve-2013-4957

https://puppet.com/security/cve/cve-2013-4965

https://puppet.com/security/cve/cve-2013-4287

Plugin Details

Severity: Medium

ID: 70684

File Name: puppet_enterprise_310.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 10/29/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Ease: No exploit is required

Patch Publication Date: 10/15/2013

Vulnerability Publication Date: 9/9/2013

Reference Information

CVE: CVE-2013-2065, CVE-2013-4287, CVE-2013-4957, CVE-2013-4965

BID: 59881, 62281, 63173, 63386