CVE-2013-4761 – Puppet: resource_type service code execution
https://notcve.org/view.php?id=CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. Vulnerabilidad sin especificar en Puppet 2.7.x anterior a 2.7.23 y 3.2.x anterior a 3.2.4, y Puppet Enterprise 2.8.x anterior a 2.8.3 y 3.0.x anterior a 3.0.1, permite a atacantes remotos ejecutar programas Ruby arbitrariamente desde el master a través del servicio resource_type. NOTA: esta vulnerabilidad únicamente puede ser explotada utilizando un "acceso local al sistema de ficheros no especificado" al Puppet Master. • http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html http://puppetlabs.com/security/cve/cve-2013-4761 http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://www.debian.org/security/2013/dsa-2761 https://access.redhat.com/security/cve/CVE-2013-4761 https://bugzilla.redhat.com/show_bug.cgi?id=996856 •
CVE-2013-4956 – Puppet: Local Privilege Escalation/Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2013-4956
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. Puppet Module Tool (PMT), usado en Puppet 2.7.x anterior a 2.7.23 y 3.2.x anterior a 3.2.4, y Puppet Enterprise 2.8.x anterior a 2.8.3 y 3.0.x anterior a 3.0.1, instala módulos con permisos débiles si estos son utilizados cuando los módulos se construyen inicialmente, lo que podría permitir a usuarios locales leer o modificar dichos módulos dependiendo de los permisos originales. • http://puppetlabs.com/security/cve/cve-2013-4956 http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://www.debian.org/security/2013/dsa-2761 https://access.redhat.com/security/cve/CVE-2013-4956 https://bugzilla.redhat.com/show_bug.cgi?id=996855 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-3567 – puppet: remote code execution on master from unauthenticated clients
https://notcve.org/view.php?id=CVE-2013-3567
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Puppet 2.7.x anterior a 2.7.22 y 3.2.x anterior a 3.2.2, y Puppet Enterprise anterior a 2.8.2, deserializa YAML sin confianza, lo que permite a atacantes remotos la instanciación de clases de Ruby y ejecutar código arbitrario a través de una llamada RESTAPI manipulada. • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://secunia.com/advisories/54429 http://www.debian.org/security/2013/dsa-2715 http://www.ubuntu.com/usn/USN-1886-1 https://puppetlabs.com/security/cve/cve-2013-3567 https://access.redhat.com/security/cve/CVE-2013-3567 https& • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVE-2013-2716
https://notcve.org/view.php?id=CVE-2013-2716
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie. Puppet Labs Puppet Enterprise antes de v2.8.0 no utiliza un "secreto aleatorio" en el archivo de configuración de cliente de CAS (cas_client_config.yml) que al actualizarse desde versiones v1.2.x v2.0.x o, permite a atacantes remotos obtener acceso a la consola a través de un cookie hecha a mano. • http://secunia.com/advisories/52862 https://exchange.xforce.ibmcloud.com/vulnerabilities/83171 https://puppetlabs.com/security/cve/cve-2013-2716 • CWE-310: Cryptographic Issues •
CVE-2013-1653
https://notcve.org/view.php?id=CVE-2013-1653
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2, cuando la espera de conexiones entrantes está activado y permiten el acceso al REST "run", permiten a usuarios remotos autenticados ejecutar código arbitrario a través de un solicitud HTTP especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58446 https://puppetlabs.com/security/cve/cve-2013-1653 •