Test ID:	1.3.6.1.4.1.25623.1.0.70566
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 2352-1 (puppet)
Summary:	Debian Security Advisory DSA 2352-1 (puppet)
Description:	The remote host is missing an update to puppet announced via advisory DSA 2352-1. It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the certdnsnames option was used. This could lead to man in the middle attacks. More details are available at http://puppetlabs.com/security/cve/cve-2011-3872/ For the oldstable distribution (lenny), this problem has been fixed in version 0.24.5-3+lenny2. For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze3. For the unstable distribution (sid), this problem has been fixed in version 2.7.6-1. We recommend that you upgrade your puppet packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%202352-1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3872 http://www.ubuntu.com/usn/USN-1238-1 http://www.ubuntu.com/usn/USN-1238-2 BugTraq ID: 50356 http://www.securityfocus.com/bid/50356 http://secunia.com/advisories/46550 http://secunia.com/advisories/46578 http://secunia.com/advisories/46934 http://secunia.com/advisories/46964 XForce ISS Database: puppet-x509-spoofing(70970) http://xforce.iss.net/xforce/xfdb/70970
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: