Ubuntu Local Security Checks : Ubuntu Update for puppet USN-1506-1

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.841079

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu Update for puppet USN-1506-1

Zusammenfassung: Ubuntu Update for Linux kernel vulnerabilities USN-1506-1

Beschreibung: Summary:
Ubuntu Update for Linux kernel vulnerabilities USN-1506-1

Vulnerability Insight:
It was discovered that Puppet incorrectly handled certain HTTP GET
requests. An attacker could use this flaw with a valid client certificate
to retrieve arbitrary files from the Puppet master. (CVE-2012-3864)

It was discovered that Puppet incorrectly handled Delete requests. If a
Puppet master were reconfigured to allow the 'Delete' method, an attacker
on an authenticated host could use this flaw to delete arbitrary files from
the Puppet server, leading to a denial of service. (CVE-2012-3865)

It was discovered that Puppet incorrectly set file permissions on the
last_run_report.yaml file. An attacker could use this flaw to access
sensitive information. This issue only affected Ubuntu 11.10 and Ubuntu
12.04 LTS. (CVE-2012-3866)

It was discovered that Puppet incorrectly handled agent certificate names.
An attacker could use this flaw to create a specially crafted certificate
and trick an administrator into signing a certificate that can then be used
to man-in-the-middle agent nodes. (CVE-2012-3867)

Affected Software/OS:
puppet on Ubuntu 12.04 LTS,
Ubuntu 11.10,
Ubuntu 11.04,
Ubuntu 10.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-3864
Debian Security Information: DSA-2511 (Google Search)
http://www.debian.org/security/2012/dsa-2511
http://secunia.com/advisories/50014
SuSE Security Announcement: SUSE-SU-2012:0983 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
SuSE Security Announcement: openSUSE-SU-2012:0891 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
http://www.ubuntu.com/usn/USN-1506-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3865
Common Vulnerability Exposure (CVE) ID: CVE-2012-3866
Common Vulnerability Exposure (CVE) ID: CVE-2012-3867

Copyright Copyright (c) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.841079
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for puppet USN-1506-1
Zusammenfassung:	Ubuntu Update for Linux kernel vulnerabilities USN-1506-1
Beschreibung:	Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1506-1 Vulnerability Insight: It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. (CVE-2012-3864) It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the 'Delete' method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. (CVE-2012-3865) It was discovered that Puppet incorrectly set file permissions on the last_run_report.yaml file. An attacker could use this flaw to access sensitive information. This issue only affected Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3866) It was discovered that Puppet incorrectly handled agent certificate names. An attacker could use this flaw to create a specially crafted certificate and trick an administrator into signing a certificate that can then be used to man-in-the-middle agent nodes. (CVE-2012-3867) Affected Software/OS: puppet on Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3864 Debian Security Information: DSA-2511 (Google Search) http://www.debian.org/security/2012/dsa-2511 http://secunia.com/advisories/50014 SuSE Security Announcement: SUSE-SU-2012:0983 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html SuSE Security Announcement: openSUSE-SU-2012:0891 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html http://www.ubuntu.com/usn/USN-1506-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3865 Common Vulnerability Exposure (CVE) ID: CVE-2012-3866 Common Vulnerability Exposure (CVE) ID: CVE-2012-3867
Copyright	Copyright (c) 2012 Greenbone Networks GmbH