Puppet Unsafe YAML Unserialization

High Nessus Plugin ID 66236

Synopsis

A web application on the remote host has a code execution vulnerability.

Description

According to its self-reported version number, the Puppet install on the remote host has a remote code execution vulnerability. Specially crafted YAML encoded objects are not unserialized safely. A remote, unauthenticated attacker could exploit this to execute arbitrary code.

The issue is reportedly only exploitable when Puppet has the master role enabled, and is configured to use Ruby 1.9.3 or later.

Solution

Upgrade to Puppet 2.7.21 / 3.1.1 or later.

See Also

https://projects.puppetlabs.com/issues/19393

https://puppetlabs.com/security/cve/cve-2013-1655/

Plugin Details

Severity: High

ID: 66236

File Name: puppet_cve_2013-1655.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 2013/04/26

Updated: 2019/11/27

Dependencies: 66233

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2013-1655

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Available: false

Exploit Ease: No exploit is required

Patch Publication Date: 2013/03/12

Vulnerability Publication Date: 2013/03/12

Reference Information

CVE: CVE-2013-1655

BID: 58442