vulnerability CVE-2013-4287 CVE-2013-4957 CVE-2013-4965
Puppet Enterprise: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Puppet Enterprise.
Impacted products: openSUSE, Puppet, RHEL.
BID-63173, BID-63386, CERTA-2013-AVI-592, CVE-2013-4287, CVE-2013-4957, CVE-2013-4965, openSUSE-SU-2013:1611-1, RHSA-2013:1441-01, VIGILANCE-VUL-13610.
Description of the vulnerability
Several vulnerabilities were announced in Puppet Enterprise.
An attacker can generate a large loop in RubyGems regular expressions, in order to trigger a denial of service. [severity:2/4; CVE-2013-4287]
An attacker can use a YAML report, in order to execute code. [severity:2/4; BID-63173, CVE-2013-4957]
An attacker can try several passwords with no limit, in order to guess a valid user's password. [severity:2/4; BID-63386, CVE-2013-4965]