Puppet Multiple Vulnerabilities (2013/03/12)

High Nessus Plugin ID 66237

Synopsis

A configuration management application running on the remote host has multiple vulnerabilities.

Description

According to its self-reported version number, the version of Puppet Open Source or Puppet Enterprise running on the remote host has the following vulnerabilities :

- A vulnerability that allows an authenticated client to execute arbitrary code on a puppet master.
(CVE-2013-1640)

- A vulnerability that allows an authenticated client to connect to a puppet master and perform unauthorized actions. (CVE-2013-1652)

- A vulnerability that would allow a man-in-the-middle attacker to downgrade an HTTPS connection to use SSLv2.
(CVE-2013-1654)

- A vulnerability that allows an authenticated node to submit a report for any other node. This issue only affects puppet masters 0.25.0 and above. (CVE-2013-2275)

Solution

Upgrade Puppet Open Source to 2.6.18 / 2.7.21 / 3.1.1 or later.
Upgrade Puppet Enterprise to 1.2.7 / 2.7.2 or later.

See Also

https://puppet.com/security/cve/cve-2013-1640

https://puppet.com/security/cve/cve-2013-1652

https://puppet.com/security/cve/cve-2013-1654

https://puppet.com/security/cve/cve-2013-2275

Plugin Details

Severity: High

ID: 66237

File Name: puppet_multiple_vulns.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 2013/04/26

Updated: 2018/11/15

Dependencies: 66233

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Available: false

Exploit Ease: No exploit is required

Patch Publication Date: 2013/03/12

Vulnerability Publication Date: 2013/03/12

Reference Information

CVE: CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-2275

BID: 58443, 58449, 58452, 58453