Debian: DSA-2643-1 Critical Puppet Remote Code Execution Risks
debian
March 12, 2013
Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system
Topics Covered
Summary
CVE-2013-1640
An authenticated malicious client may request its catalog from the puppet
master, and cause the puppet master to execute arbitrary code. The puppet
master must be made to invoke the `template` or `inline_template` functions
during catalog compilation.
CVE-2013-1652
An authenticated malicious client may retrieve catalogs from the puppet
master that it is not authorized to access. Given a valid certificate and
private key, it is possible to construct an HTTP GET request that will
return a catalog for an arbitrary client.
CVE-2013-1653
An authenticated malicious client may execute arbitrary code on Puppet
agents that accept kick connections. Puppet agents are not vulnerable in
their default configuration. However, if the Puppet agent is configured to
listen for incoming connections, e.g. listen = true, and the agent's
auth.conf allows access to the `run` REST endpoint, then an authenticated
client can construct an HTTP PUT request t...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: puppet
CVE ID: CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!