Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2014-3248 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did not affect the versions of Puppet, Mcollective, Facter, or Hiera as shipped with various Red Hat Enterprise products as they all run on top of Ruby 1.9.3 or later.
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 4.4 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | ruby193-puppet | Not affected |
| Red Hat Satellite 6 | puppet | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | puppet | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 4.0 | puppet | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 3.0 | puppet | Will not fix |
Vulmon