CVE-2011-3872
Severity Score
2.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
Puppet v2.6.x antes de v2.6.12 y v2.7.x antes de v2.7.6, y Puppet Enterprise (PE) Users v1.0, v1.1, y v1.2 antes de v1.2.4, al firmar un certificado de agente, añade los valores de Puppet master's certdnsnames al campo X.509 Subject Alternative Name, lo que permite a atacantes remotos falsificar un Puppet master a través de un ataque "Man-in-the-middle" contra un agente que utilice un nombre alternativo de DNS para el maestro, también conocido como "Vulnerabilidad AltNames."
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-09-29 CVE Reserved
- 2011-10-25 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability | X_refsource_confirm | |
| http://secunia.com/advisories/46934 | Third Party Advisory | |
| http://secunia.com/advisories/46964 | Third Party Advisory | |
| http://www.securityfocus.com/bid/50356 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70970 | Vdb Entry | |
| https://puppet.com/security/cve/cve-2011-3872 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1 | 2019-07-11 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/46550 | 2019-07-11 | |
| http://secunia.com/advisories/46578 | 2019-07-11 | |
| http://www.ubuntu.com/usn/USN-1238-1 | 2019-07-11 | |
| http://www.ubuntu.com/usn/USN-1238-2 | 2019-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.0 Search vendor "Puppet" for product "Puppet" and version "2.6.0" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.1 Search vendor "Puppet" for product "Puppet" and version "2.6.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.2 Search vendor "Puppet" for product "Puppet" and version "2.6.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.3 Search vendor "Puppet" for product "Puppet" and version "2.6.3" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.4 Search vendor "Puppet" for product "Puppet" and version "2.6.4" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.5 Search vendor "Puppet" for product "Puppet" and version "2.6.5" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.6 Search vendor "Puppet" for product "Puppet" and version "2.6.6" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.7 Search vendor "Puppet" for product "Puppet" and version "2.6.7" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.8 Search vendor "Puppet" for product "Puppet" and version "2.6.8" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.9 Search vendor "Puppet" for product "Puppet" and version "2.6.9" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.10 Search vendor "Puppet" for product "Puppet" and version "2.6.10" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.6.11 Search vendor "Puppet" for product "Puppet" and version "2.6.11" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.2 Search vendor "Puppet" for product "Puppet" and version "2.7.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.3 Search vendor "Puppet" for product "Puppet" and version "2.7.3" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.4 Search vendor "Puppet" for product "Puppet" and version "2.7.4" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | 2.7.5 Search vendor "Puppet" for product "Puppet" and version "2.7.5" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.0 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.0" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Search vendor "Puppetlabs" for product "Puppet" | 2.7.1 Search vendor "Puppetlabs" for product "Puppet" and version "2.7.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 1.2.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.0" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 1.2.1 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 1.2.2 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 1.2.3 Search vendor "Puppet" for product "Puppet Enterprise" and version "1.2.3" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Enterprise Users Search vendor "Puppetlabs" for product "Puppet Enterprise Users" | 1.0 Search vendor "Puppetlabs" for product "Puppet Enterprise Users" and version "1.0" | - |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Puppet Enterprise Users Search vendor "Puppetlabs" for product "Puppet Enterprise Users" | 1.1 Search vendor "Puppetlabs" for product "Puppet Enterprise Users" and version "1.1" | - |
Affected
| ||||||