 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.841361 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-1759-1) |
| Summary: | The remote host is missing an update for the 'puppet' package(s) announced via the USN-1759-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'puppet' package(s) announced via the USN-1759-1 advisory. Vulnerability Insight: It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. (CVE-2013-1653) It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could use this issue to possibly execute arbitrary code on the master. (CVE-2013-1640) It was discovered that Puppet incorrectly handled certain client requests. An attacker on an authenticated client could use this issue to possibly perform unauthorized actions. (CVE-2013-1652) It was discovered that Puppet incorrectly handled certain SSL connections. An attacker could use this issue to possibly downgrade connections to SSLv2. (CVE-2013-1654) It was discovered that Puppet incorrectly handled serialized attributes. An attacker on an authenticated client could use this issue to possibly cause a denial of service, or execute arbitrary. (CVE-2013-1655) It was discovered that Puppet incorrectly handled submitted reports. An attacker on an authenticated node could use this issue to possibly submit a report for any other node. (CVE-2013-2275) Affected Software/OS: 'puppet' package(s) on Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-1640 Debian Security Information: DSA-2643 (Google Search) http://www.debian.org/security/2013/dsa-2643 RedHat Security Advisories: RHSA-2013:0710 http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 SuSE Security Announcement: SUSE-SU-2013:0618 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html SuSE Security Announcement: openSUSE-SU-2013:0641 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://ubuntu.com/usn/usn-1759-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1652 BugTraq ID: 58443 http://www.securityfocus.com/bid/58443 Common Vulnerability Exposure (CVE) ID: CVE-2013-1653 BugTraq ID: 58446 http://www.securityfocus.com/bid/58446 Common Vulnerability Exposure (CVE) ID: CVE-2013-1654 BugTraq ID: 64758 http://www.securityfocus.com/bid/64758 Common Vulnerability Exposure (CVE) ID: CVE-2013-1655 BugTraq ID: 58442 http://www.securityfocus.com/bid/58442 Common Vulnerability Exposure (CVE) ID: CVE-2013-2275 BugTraq ID: 58449 http://www.securityfocus.com/bid/58449 |
| Copyright | Copyright (C) 2013 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |