Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

Source

ALAS-2012-075

Amazon Linux AMI Security Advisory: ALAS-2012-75
Advisory Release Date: 2012-05-08 23:13 Pacific
Advisory Updated Date: 2014-09-14 16:09 Pacific

Severity: Medium

References: CVE-2012-1986

Issue Overview:

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

Affected Packages:

puppet

Issue Correction:
Run yum update puppet to update your system.

New Packages:

i686:
    puppet-debuginfo-2.6.16-1.6.amzn1.i686
    puppet-2.6.16-1.6.amzn1.i686
    puppet-server-2.6.16-1.6.amzn1.i686

src:
    puppet-2.6.16-1.6.amzn1.src

x86_64:
    puppet-debuginfo-2.6.16-1.6.amzn1.x86_64
    puppet-2.6.16-1.6.amzn1.x86_64
    puppet-server-2.6.16-1.6.amzn1.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2012-075

ALAS-2012-075

Vulmon Search

About

Products

Connect