The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Puppet

computer vulnerability alert CVE-2018-11746

Puppet Discovery: information disclosure via HTTP Basic Auth

Synthesis of the vulnerability

An attacker can use a vulnerability via HTTP Basic Auth of Puppet Discovery, in order to obtain sensitive information.
Impacted products: Puppet.
Severity: 2/4.
Creation date: 03/07/2018.
Identifiers: CVE-2018-11746, VIGILANCE-VUL-26606.

Description of the vulnerability

The Puppet Discovery product offers a web service.

However, an attacker can read the password in the Basic Auth if the session does not use HTTPS

An attacker can therefore use a vulnerability via HTTP Basic Auth of Puppet Discovery, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2018-6510 CVE-2018-6511

Puppet Enterprise: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Puppet Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Puppet.
Severity: 2/4.
Creation date: 02/05/2018.
Identifiers: CVE-2018-6510, CVE-2018-6511, VIGILANCE-VUL-26024.

Description of the vulnerability

The Puppet Enterprise product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Puppet Enterprise, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2017-2292 CVE-2017-2293 CVE-2017-2294

Puppet Labs Puppet: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Puppet Labs Puppet.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Puppet, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 12/05/2017.
Identifiers: bulletinjul2018, CVE-2017-2292, CVE-2017-2293, CVE-2017-2294, CVE-2017-2295, CVE-2017-2297, DLA-1012-1, DSA-3862-1, FEDORA-2017-8ad8d1bd86, FEDORA-2017-b9b66117bb, openSUSE-SU-2017:1948-1, SUSE-SU-2017:2113-1, USN-3308-1, VIGILANCE-VUL-22719.

Description of the vulnerability

Several vulnerabilities were announced in Puppet Labs Puppet.

An attacker can use a vulnerability of the YAML parser, in order to run code in MCollective. [severity:3/4; CVE-2017-2292]

An attacker can tamper with the MCollective server to deploy arbitrary programs. [severity:2/4; CVE-2017-2293]

An attacker can bypass security features via MCollective Private Keys, in order to obtain sensitive information. [severity:2/4; CVE-2017-2294]

An attacker can use a vulnerability of the YAML parser, in order to run code in the Puppet server. [severity:3/4; CVE-2017-2295]

An attacker can get the access rights of another user. [severity:3/4; CVE-2017-2297]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2016-5714 CVE-2016-5715 CVE-2016-5716

Puppet: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Puppet.
Impacted products: Puppet.
Severity: 3/4.
Creation date: 17/10/2016.
Revision date: 21/10/2016.
Identifiers: CVE-2016-5714, CVE-2016-5715, CVE-2016-5716, VIGILANCE-VUL-20883.

Description of the vulnerability

Several vulnerabilities were announced in Puppet.

An attacker can deceive the user via Puppet Enterprise Console, in order to redirect him to a malicious site. [severity:1/4; CVE-2016-5715]

An attacker can use a vulnerability via PXP, in order to run code. [severity:3/4]

An attacker can bypass security features via PCP, in order to escalate his privileges. [severity:2/4]

An attacker can use a vulnerability via Puppet Enterprise Console, in order to run code. [severity:3/4; CVE-2016-5716]

An attacker can bypass security features via Environment Catalogs, in order to escalate his privileges. [severity:2/4; CVE-2016-5714]

An attacker can check the validity of a username, in order to obtain sensitive information. [severity:2/4]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2016-6302 CVE-2016-6303 CVE-2016-6304

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Mac OS X, Arkoon FAST360, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, DB2 UDB, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Copssh, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee Email Gateway, ePO, MySQL Community, MySQL Enterprise, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Percona Server, XtraDB Cluster, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WindRiver Linux, VxWorks.
Severity: 3/4.
Creation date: 22/09/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2000544, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, bulletinoct2016, CERTFR-2016-AVI-320, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2017, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-16-050, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, HT207423, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2016:2802-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA132, SA40312, SB10171, SB10215, SOL54211024, SOL90492697, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, STORM-2016-005, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20678.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can create a memory over consumption via an OCSP request, in order to trigger a denial of service. [severity:3/4; CVE-2016-6304]

An attacker can make a process block itself via SSL_peek, in order to trigger a denial of service. [severity:2/4; CVE-2016-6305]

An attacker can generate a buffer overflow via MDC2_Update, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-6303]

An attacker can generate a read only buffer overflow, in order to trigger a denial of service. [severity:1/4; CVE-2016-6302]

An attacker can generate a read only buffer overflow via the parsing of an X.509 certificate, in order to trigger a denial of service. [severity:1/4; CVE-2016-6306]

An attacker can make the server allocates a large amount of memory to process TLS packets. [severity:1/4; CVE-2016-6307]

An attacker can make the server allocates a large amount of memory to process DTLS packets. [severity:1/4; CVE-2016-6308]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2016-7167

libcurl: integer overflow via curl_escape

Synthesis of the vulnerability

An attacker can generate an integer overflow via functions of the curl_escape() family of libcurl, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, Puppet, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 14/09/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-7167, DLA-625-1, FEDORA-2016-7a2ed52d41, FEDORA-2016-80f4f71eff, HT207423, JSA10874, openSUSE-SU-2016:2768-1, RHSA-2017:2016-01, SSA:2016-259-01, SUSE-SU-2016:2699-1, SUSE-SU-2016:2714-1, USN-3123-1, VIGILANCE-VUL-20606.

Description of the vulnerability

The libcurl library provides the curl_escape(), curl_easy_escape(), curl_unescape() and curl_easy_unescape() functions to convert special characters.

However, if the requested size is too large, an integer overflows, and an allocated memory area is too short.

An attacker can therefore generate an integer overflow via functions of the curl_escape() family of libcurl, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2016-5713

Puppet Labs Puppet: code execution via pxp-module-puppet

Synthesis of the vulnerability

An attacker can tamper with the environment of the program pxp-module-puppet of Puppet Labs Puppet, in order to run code.
Impacted products: Puppet.
Severity: 1/4.
Creation date: 12/08/2016.
Identifiers: CVE-2016-5713, VIGILANCE-VUL-20373.

Description of the vulnerability

The Puppet Labs Puppet Agent uses its environment.

However, its does not check or filter it. An attacker can tamper with it in order to run code. Technical details are unknown.

An attacker can therefore tamper with the environment of the program pxp-module-puppet of Puppet Labs Puppet, in order to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2016-5423 CVE-2016-5424

PostgreSQL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PostgreSQL.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, PostgreSQL, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 11/08/2016.
Identifiers: CERTFR-2016-AVI-281, CVE-2016-5423, CVE-2016-5424, DLA-592-1, DSA-3646-1, FEDORA-2016-30b01bdedd, FEDORA-2016-5486a6dfc0, openSUSE-SU-2016:2425-1, openSUSE-SU-2016:2464-1, openSUSE-SU-2017:1021-1, RHSA-2016:1781-01, RHSA-2016:1820-01, RHSA-2016:1821-01, RHSA-2016:2606-02, SUSE-SU-2016:2414-1, SUSE-SU-2016:2415-1, SUSE-SU-2016:2418-1, USN-3066-1, VIGILANCE-VUL-20369.

Description of the vulnerability

Several vulnerabilities were announced in PostgreSQL.

An attacker can trigger a fatal error via Nested CASE, in order to trigger a denial of service. [severity:1/4; CVE-2016-5423]

An attacker can use a database or role name with injected commands, which are run by administrative operations such as pg_dumpall, in order to run privileged code. [severity:2/4; CVE-2016-5424]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2016-2788

Puppet: code execution via MCollective ping

Synthesis of the vulnerability

An authenticated attacker can use the ping command of MCollective via Puppet, in order to run code.
Impacted products: Puppet.
Severity: 2/4.
Creation date: 10/08/2016.
Identifiers: CVE-2016-2788, VIGILANCE-VUL-20357.

Description of the vulnerability

The Puppet product uses the MCollective (Marionette Collective, parallel job-execution) tool.

MCollective offers the "mco ping" command, to check if a group of hosts are alive. However, the parameter of this command is not sufficiently checked, so a shell command can be injected.

An authenticated attacker can therefore use the ping command of MCollective via Puppet, in order to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2015-7331

Puppet: code execution via mcollective-puppet-agent

Synthesis of the vulnerability

An attacker can use the "--server" option of mcollective-puppet-agent, to connect to a malicious server, in order to run code.
Impacted products: Puppet.
Severity: 1/4.
Creation date: 10/08/2016.
Identifiers: CVE-2015-7331, VIGILANCE-VUL-20356.

Description of the vulnerability

The Puppet product uses the mcollective-puppet-agent plugin as an interface to MCollective (Marionette Collective, parallel job-execution).

This agent can send the "--server" option to MCollective. However, an attacker can use this parameter to force MCollective to connect to a malicious server, which leads to arbitrary code execution.

An attacker can therefore use the "--server" option of mcollective-puppet-agent, to connect to a malicious server, in order to run code.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Puppet: