Published: 29/05/2012 Updated: 11/07/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Unspecified vulnerability in Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
puppet puppet 2.6.6
puppet puppet 2.6.5
puppet puppet 2.6.13
puppet puppet 2.6.12
puppet puppet 2.6.4
puppet puppet 2.6.3
puppet puppet 2.6.9
puppet puppet 2.6.8
puppet puppet 2.6.7
puppet puppet 2.6.0
puppet puppet 2.6.14
puppet puppet 2.6.11
puppet puppet 2.6.10
puppet puppet 2.6.2
puppet puppet 2.6.1
puppet puppet 2.7.10
puppetlabs puppet 2.7.1
puppetlabs puppet 2.7.0
puppet puppet 2.7.9
puppet puppet 2.7.8
puppet puppet 2.7.4
puppet puppet 2.7.3
puppet puppet 2.7.5
puppet puppet 2.7.2
puppet puppet 2.7.7
puppet puppet 2.7.6
puppet puppet 2.7.11
puppet puppet enterprise 2.5.0
puppet puppet enterprise 1.2.0
puppet puppet enterprise 2.0.1
puppet puppet enterprise 1.2.1
puppet puppet enterprise 1.2.2
puppetlabs puppet enterprise users 1.0
puppetlabs puppet enterprise users 1.1
puppet puppet enterprise 2.0.0
puppet puppet enterprise 2.0.2
puppet puppet enterprise 1.2.3
puppet puppet enterprise 1.2.4

Several security issues were fixed in puppet ...

Several vulnerabilities have been discovered in Puppet, a centralized configuration management system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-1906 Puppet is using predictable temporary file names when downloading Mac OS X package files This allows a local attacker to either overwri ...

Several vulnerabilities have been discovered in Gajim, a feature-rich Jabber client The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-1987 Gajim is not properly sanitizing input before passing it to shell commands An attacker can use this flaw to execute arbitrary code on behalf of the victi ...

NVD-CWE-noinfo http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/http://www.debian.org/security/2012/dsa-2451 http://www.securityfocus.com/bid/52975 https://hermes.opensuse.org/messages/14523305 http://www.osvdb.org/81308 http://ubuntu.com/usn/usn-1419-1 http://secunia.com/advisories/48743 http://secunia.com/advisories/48789 http://puppetlabs.com/security/cve/cve-2012-1987/http://projects.puppetlabs.com/issues/13553 http://secunia.com/advisories/48748 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html http://projects.puppetlabs.com/issues/13552 http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 http://secunia.com/advisories/49136 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html https://hermes.opensuse.org/messages/15087408 https://exchange.xforce.ibmcloud.com/vulnerabilities/74794 https://usn.ubuntu.com/1419-1/https://nvd.nist.gov

CVE-2012-1987

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect