CVE-2013-4964
https://notcve.org/view.php?id=CVE-2013-4964
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Puppet Enterprise anterior a 3.0.1, no establece el indicador de seguridad para la cookie de sesión en una del tipo HTTPS, lo que facilita a atacantes remotos la captura de las cookies interceptando la comunicación en una sesión https. • http://puppetlabs.com/security/cve/cve-2013-4964 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4955
https://notcve.org/view.php?id=CVE-2013-4955
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter. Vulnerabilidad de redirección abierta en la página de login de Puppet Enterprise anterior a 3.0.1, permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de una URL en el parámetro "service". • http://puppetlabs.com/security/cve/cve-2013-4955 • CWE-20: Improper Input Validation •
CVE-2013-4761 – Puppet: resource_type service code execution
https://notcve.org/view.php?id=CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. Vulnerabilidad sin especificar en Puppet 2.7.x anterior a 2.7.23 y 3.2.x anterior a 3.2.4, y Puppet Enterprise 2.8.x anterior a 2.8.3 y 3.0.x anterior a 3.0.1, permite a atacantes remotos ejecutar programas Ruby arbitrariamente desde el master a través del servicio resource_type. NOTA: esta vulnerabilidad únicamente puede ser explotada utilizando un "acceso local al sistema de ficheros no especificado" al Puppet Master. • http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html http://puppetlabs.com/security/cve/cve-2013-4761 http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://www.debian.org/security/2013/dsa-2761 https://access.redhat.com/security/cve/CVE-2013-4761 https://bugzilla.redhat.com/show_bug.cgi?id=996856 •
CVE-2013-4956 – Puppet: Local Privilege Escalation/Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2013-4956
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. Puppet Module Tool (PMT), usado en Puppet 2.7.x anterior a 2.7.23 y 3.2.x anterior a 3.2.4, y Puppet Enterprise 2.8.x anterior a 2.8.3 y 3.0.x anterior a 3.0.1, instala módulos con permisos débiles si estos son utilizados cuando los módulos se construyen inicialmente, lo que podría permitir a usuarios locales leer o modificar dichos módulos dependiendo de los permisos originales. • http://puppetlabs.com/security/cve/cve-2013-4956 http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://www.debian.org/security/2013/dsa-2761 https://access.redhat.com/security/cve/CVE-2013-4956 https://bugzilla.redhat.com/show_bug.cgi?id=996855 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-3567 – puppet: remote code execution on master from unauthenticated clients
https://notcve.org/view.php?id=CVE-2013-3567
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Puppet 2.7.x anterior a 2.7.22 y 3.2.x anterior a 3.2.2, y Puppet Enterprise anterior a 2.8.2, deserializa YAML sin confianza, lo que permite a atacantes remotos la instanciación de clases de Ruby y ejecutar código arbitrario a través de una llamada RESTAPI manipulada. • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://secunia.com/advisories/54429 http://www.debian.org/security/2013/dsa-2715 http://www.ubuntu.com/usn/USN-1886-1 https://puppetlabs.com/security/cve/cve-2013-3567 https://access.redhat.com/security/cve/CVE-2013-3567 https& • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •