CVE-2014-3248
Gentoo Linux Security Advisory 201412-15
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Vulnerabilidad de ruta de búsqueda no confiable en Puppet Enterprise 2.8 anterior a 2.8.7, Puppet anterior a 2.7.26 y 3.x anterior a 3.6.2, Facter 1.6.x y 2.x anterior a 2.0.2, Hiera anterior a 1.3.4, y Mcollective anterior a 2.5.2 o anteriores, permite a usuarios locales ganar privilegios ubicando un troyano en el directorio actual a través de un troyano en un archivo, se demostró usando (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, o (6) safe_yaml/deep.so; o (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, o (10) osfamily.so en puppet/confine.
Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute arbitrary code on the master. This update is incompatible with agents older than 3.2.2. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-07 CVE Reserved
- 2014-11-16 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-17: DEPRECATED: Code
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/59197 | Technical Description | |
| http://secunia.com/advisories/59200 | Technical Description | |
| http://www.securityfocus.com/bid/68035 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://puppetlabs.com/security/cve/cve-2014-3248 | 2019-07-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.0 Search vendor "Puppet" for product "Facter" and version "2.0.0" | rc1 |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.0 Search vendor "Puppet" for product "Facter" and version "2.0.0" | rc2 |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.0 Search vendor "Puppet" for product "Facter" and version "2.0.0" | rc3 |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.0 Search vendor "Puppet" for product "Facter" and version "2.0.0" | rc4 |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.1 Search vendor "Puppet" for product "Facter" and version "2.0.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.1 Search vendor "Puppet" for product "Facter" and version "2.0.1" | rc1 |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.1 Search vendor "Puppet" for product "Facter" and version "2.0.1" | rc2 |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.1 Search vendor "Puppet" for product "Facter" and version "2.0.1" | rc3 |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Facter Search vendor "Puppet" for product "Facter" | 2.0.1 Search vendor "Puppet" for product "Facter" and version "2.0.1" | rc4 |
Affected
| ||||||
| Puppetlabs Search vendor "Puppetlabs" | Facter Search vendor "Puppetlabs" for product "Facter" | >= 1.6.0 <= 1.6.18 Search vendor "Puppetlabs" for product "Facter" and version " >= 1.6.0 <= 1.6.18" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Marionette Collective Search vendor "Puppet" for product "Marionette Collective" | < 2.5.2 Search vendor "Puppet" for product "Marionette Collective" and version " < 2.5.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Hiera Search vendor "Puppet" for product "Hiera" | < 1.3.4 Search vendor "Puppet" for product "Hiera" and version " < 1.3.4" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | < 2.7.26 Search vendor "Puppet" for product "Puppet" and version " < 2.7.26" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Search vendor "Puppet" for product "Puppet" | >= 3.6.0 < 3.6.2 Search vendor "Puppet" for product "Puppet" and version " >= 3.6.0 < 3.6.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | >= 2.8.0 < 2.8.7 Search vendor "Puppet" for product "Puppet Enterprise" and version " >= 2.8.0 < 2.8.7" | - |
Affected
| ||||||