CVE-2012-1988
Description
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allow remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-1988
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/49136
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48789
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48748
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/48743
Vendor advisory: cve@mitre.org — http://puppetlabs.com/security/cve/cve-2012-1988/
Vendor advisory: cve@mitre.org — http://projects.puppetlabs.com/issues/13518
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| ubuntu | 10.04 | affected | |
| ubuntu | 11.04 | affected | |
| ubuntu | 11.10 | affected | |
| debian | 6.0 | affected | |
| debian | 7.0 | affected | |
| fedora | 15 | affected | |
| fedora | 16 | affected | |
| fedora | 17 | affected | |
| debian | bullseye | fixed | 2.7.13-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| puppet | puppet | >= 2.6.0, < 2.6.15 | 2.6.15 |
| puppet | puppet_enterprise | >= 1.2.0, < 2.5.1 | 2.5.1 |
| puppet | puppet_enterprise | 1.0 | |
| puppet | puppet_enterprise | 1.1 | |
References
- https://github.com/advisories/GHSA-6xxq-j39w-g3f6
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
- http://projects.puppetlabs.com/issues/13518
- http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
- http://puppetlabs.com/security/cve/cve-2012-1988/
- http://secunia.com/advisories/48743
- http://secunia.com/advisories/48748
- http://secunia.com/advisories/48789
- http://secunia.com/advisories/49136
- http://ubuntu.com/usn/usn-1419-1
- http://www.debian.org/security/2012/dsa-2451
- http://www.osvdb.org/81309
- http://www.securityfocus.com/bid/52975
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
- https://hermes.opensuse.org/messages/14523305
- https://hermes.opensuse.org/messages/15087408
- https://nvd.nist.gov/vuln/detail/CVE-2012-1988
- https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
- https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
- https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
- https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
- https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
- https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
CWEs
CWE-78