 |
Inicial ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles Site
Analyzer ▼
Inicial
Análisis Avanzado
Análisis Estándar
Análisis Básico
Resumen de Precios/Funciones
Ordenar
Preguntas Frecuentes
Ejecutar Análisis Reportes Ver Cola Recordatorio | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.702761 |
| Categoría: | Debian Local Security Checks |
| Título: | Debian Security Advisory DSA 2761-1 (puppet - several vulnerabilities) |
| Resumen: | Several vulnerabilities were discovered in puppet, a centralized;configuration management system. The Common Vulnerabilities and;Exposures project identifies the following problems:;;CVE-2013-4761The resource_type;service (disabled by default) could be used to;make puppet load arbitrary Ruby code from puppet master's file;system.;;CVE-2013-4956;Modules installed with the Puppet Module Tool might be installed;with weak permissions, possibly allowing local users to read or;modify them.;;The stable distribution (wheezy) has been updated to version 2.7.33 of;puppet. This version includes the patches for all the previous DSAs;related to puppet in wheezy. In this version, the puppet report format;is now correctly reported as version 3.;;It is to be expected that future DSAs for puppet update to a newer,;bug fix-only, release of the 2.7 branch.;;The oldstable distribution (squeeze) has not been updated for this;advisory: as of this time there is no fix for;CVE-2013-4761 and the package is not affected by;CVE-2013-4956;. |
| Descripción: | Summary: Several vulnerabilities were discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4761The resource_type service (disabled by default) could be used to make puppet load arbitrary Ruby code from puppet master's file system. CVE-2013-4956 Modules installed with the Puppet Module Tool might be installed with weak permissions, possibly allowing local users to read or modify them. The stable distribution (wheezy) has been updated to version 2.7.33 of puppet. This version includes the patches for all the previous DSAs related to puppet in wheezy. In this version, the puppet report format is now correctly reported as version 3. It is to be expected that future DSAs for puppet update to a newer, bug fix-only, release of the 2.7 branch. The oldstable distribution (squeeze) has not been updated for this advisory: as of this time there is no fix for CVE-2013-4761 and the package is not affected by CVE-2013-4956 . Affected Software/OS: puppet on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 2.7.23-1~ deb7u1. For the testing distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 3.2.4-1. We recommend that you upgrade your puppet packages. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-4956 Debian Security Information: DSA-2761 (Google Search) http://www.debian.org/security/2013/dsa-2761 RedHat Security Advisories: RHSA-2013:1283 http://rhn.redhat.com/errata/RHSA-2013-1283.html RedHat Security Advisories: RHSA-2013:1284 http://rhn.redhat.com/errata/RHSA-2013-1284.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4761 SuSE Security Announcement: SUSE-SU-2014:0155 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html |
| Copyright | Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net |
| Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |