Puppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities
Medium Nessus Plugin ID 77281
SynopsisA web application on the remote host is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 2.8.x or 3.2.x. It is, therefore, affected by multiple vulnerabilities :
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224)
- The MCollective 'aes_security' plugin does not properly validate new server certificates. This allows a local attacker to spoof a valid MCollective connection. Note that this plugin is not enabled by default.
SolutionUpgrade to Puppet Enterprise 3.3.0 or later.
In the case of the 2.8.x branch, please contact the vendor for guidance.