Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.841079 |
Kategorie: | Ubuntu Local Security Checks |
Titel: | Ubuntu Update for puppet USN-1506-1 |
Zusammenfassung: | Ubuntu Update for Linux kernel vulnerabilities USN-1506-1 |
Beschreibung: | Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1506-1 Vulnerability Insight: It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. (CVE-2012-3864) It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the 'Delete' method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. (CVE-2012-3865) It was discovered that Puppet incorrectly set file permissions on the last_run_report.yaml file. An attacker could use this flaw to access sensitive information. This issue only affected Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3866) It was discovered that Puppet incorrectly handled agent certificate names. An attacker could use this flaw to create a specially crafted certificate and trick an administrator into signing a certificate that can then be used to man-in-the-middle agent nodes. (CVE-2012-3867) Affected Software/OS: puppet on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3864 Debian Security Information: DSA-2511 (Google Search) http://www.debian.org/security/2012/dsa-2511 http://secunia.com/advisories/50014 SuSE Security Announcement: SUSE-SU-2012:0983 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html SuSE Security Announcement: openSUSE-SU-2012:0891 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://www.ubuntu.com/usn/USN-1506-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3865 Common Vulnerability Exposure (CVE) ID: CVE-2012-3866 Common Vulnerability Exposure (CVE) ID: CVE-2012-3867 |
Copyright | Copyright (c) 2012 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |