Puppet Unsafe YAML Unserialization

high Nessus Plugin ID 66236

Synopsis

A web application on the remote host has a code execution vulnerability.

Description

According to its self-reported version number, the Puppet install on the remote host has a remote code execution vulnerability. Specially crafted YAML encoded objects are not unserialized safely. A remote, unauthenticated attacker could exploit this to execute arbitrary code.

The issue is reportedly only exploitable when Puppet has the master role enabled, and is configured to use Ruby 1.9.3 or later.

Solution

Upgrade to Puppet 2.7.21 / 3.1.1 or later.

See Also

https://projects.puppetlabs.com/issues/19393

https://puppetlabs.com/security/cve/cve-2013-1655/

Plugin Details

Severity: High

ID: 66236

File Name: puppet_cve_2013-1655.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 4/26/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-1655

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Ease: No exploit is required

Patch Publication Date: 3/12/2013

Vulnerability Publication Date: 3/12/2013

Reference Information

CVE: CVE-2013-1655

BID: 58442