4.3

CVE-2012-3867

Exploit
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PuppetPuppet Version2.6.0
PuppetPuppet Version2.6.1
PuppetPuppet Version2.6.2
PuppetPuppet Version2.6.3
PuppetPuppet Version2.6.4
PuppetPuppet Version2.6.5
PuppetPuppet Version2.6.6
PuppetPuppet Version2.6.7
PuppetPuppet Version2.6.8
PuppetPuppet Version2.6.9
PuppetPuppet Version2.6.10
PuppetPuppet Version2.6.11
PuppetPuppet Version2.6.12
PuppetPuppet Version2.6.13
PuppetPuppet Version2.6.14
PuppetPuppet Version2.6.15
PuppetPuppet Version2.7.2
PuppetPuppet Version2.7.3
PuppetPuppet Version2.7.4
PuppetPuppet Version2.7.5
PuppetPuppet Version2.7.6
PuppetPuppet Version2.7.7
PuppetPuppet Version2.7.8
PuppetPuppet Version2.7.9
PuppetPuppet Version2.7.10
PuppetPuppet Version2.7.11
PuppetPuppet Version2.7.12
PuppetPuppet Version2.7.13
PuppetPuppet Version2.7.14
PuppetPuppet Version2.7.16
PuppetPuppet Version2.7.17
PuppetlabsPuppet Version <= 2.6.16
PuppetlabsPuppet Version2.7.0
PuppetlabsPuppet Version2.7.1
DebianDebian Linux Version6.0
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version11.04
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 SwEditionlts
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
SuseLinux Enterprise Desktop Version11 Updatesp1
SuseLinux Enterprise Desktop Version11 Updatesp2
SuseLinux Enterprise Server Version11 Updatesp1
SuseLinux Enterprise Server Version11 Updatesp1 SwPlatformvmware
SuseLinux Enterprise Server Version11 Updatesp2
PuppetPuppet Enterprise Version <= 2.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.45% 0.823
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
Third Party Advisory
http://secunia.com/advisories/50014
http://www.debian.org/security/2012/dsa-2511
Third Party Advisory
http://www.ubuntu.com/usn/USN-1506-1
Third Party Advisory
http://puppetlabs.com/security/cve/cve-2012-3867/
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=839158
Issue Tracking
https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
Patch
Exploit
Issue Tracking
https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
Patch
Exploit
Issue Tracking