Puppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities

Medium Nessus Plugin ID 77281

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.5

Synopsis

A web application on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 2.8.x or 3.2.x. It is, therefore, affected by multiple vulnerabilities :

- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)

- An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224)

- The MCollective 'aes_security' plugin does not properly validate new server certificates. This allows a local attacker to spoof a valid MCollective connection. Note that this plugin is not enabled by default.
(CVE-2014-3251)

Solution

Upgrade to Puppet Enterprise 3.3.0 or later.

In the case of the 2.8.x branch, please contact the vendor for guidance.

See Also

https://puppet.com/security/cve/cve-2014-0198

https://puppet.com/security/cve/cve-2014-0224

https://puppet.com/security/cve/cve-2014-3251

Plugin Details

Severity: Medium

ID: 77281

File Name: puppet_enterprise_330.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 2014/08/20

Updated: 2020/06/12

Dependencies: 66233

Risk Information

Risk Factor: Medium

VPR Score: 8.5

CVSS Score Source: CVE-2014-0224

CVSS v2.0

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2014/07/15

Vulnerability Publication Date: 2014/07/15

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0198, CVE-2014-0224, CVE-2014-3251

BID: 67193, 67899, 69235