Test ID: | 1.3.6.1.4.1.25623.1.0.702761 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 2761-1 (puppet - several vulnerabilities) |
Summary: | Several vulnerabilities were discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4761: The resource_type service (disabled by default) could be used to make puppet load arbitrary Ruby code from puppet master's file system. CVE-2013-4956: Modules installed with the Puppet Module Tool might be installed with weak permissions, possibly allowing local users to read or modify them. The stable distribution (wheezy) has been updated to version 2.7.33 of puppet. This version includes the patches for all the previous DSAs related to puppet in wheezy. In this version, the puppet report format is now correctly reported as version 3. It is to be expected that future DSAs for puppet update to a newer, bug fix-only, release of the 2.7 branch. The oldstable distribution (squeeze) has not been updated for this advisory: as of this time there is no fix for CVE-2013-4761 and the package is not affected by CVE-2013-4956. |
Affected Software/OS: | puppet on Debian Linux |
Solution: | For the stable distribution (wheezy), these problems have been fixed in version 2.7.23-1~deb7u1. For the testing distribution (jessie) and the unstable distribution (sid), these problems have been fixed in version 3.2.4-1. We recommend that you upgrade your puppet packages. |
CVSS Score: | 5.1 |
CVSS Vector: | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-4956
Debian Security Information: DSA-2761 http://www.debian.org/security/2013/dsa-2761
RedHat Security Advisories: RHSA-2013:1283 http://rhn.redhat.com/errata/RHSA-2013-1283.html
RedHat Security Advisories: RHSA-2013:1284 http://rhn.redhat.com/errata/RHSA-2013-1284.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4761
SuSE Security Announcement: SUSE-SU-2014:0155 http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net |