CVE-2012-3867
Description
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3867
Vendor advisory: cve@mitre.org — https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
Vendor advisory: cve@mitre.org — https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
Vendor advisory: cve@mitre.org — http://puppetlabs.com/security/cve/cve-2012-3867/
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| ubuntu | 12.04 | affected | |
| suse | 11.4 | affected | |
| suse | 12.1 | affected | |
| suse | 11 | affected | |
| debian | 6.0 | affected | |
| ubuntu | 10.04 | affected | |
| ubuntu | 11.04 | affected | |
| ubuntu | 11.10 | affected | |
| debian | bullseye | fixed | 2.7.18-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| puppet | puppet | 2.6.0 | |
| puppet | puppet | 2.6.1 | |
| puppet | puppet | 2.6.2 | |
| puppet | puppet | 2.6.3 | |
| puppet | puppet | 2.6.4 | |
| puppet | puppet | 2.6.5 | |
| puppet | puppet | 2.6.6 | |
| puppet | puppet | 2.6.7 | |
| puppet | puppet | 2.6.8 | |
| puppet | puppet | 2.6.9 | |
| puppet | puppet | 2.6.10 | |
| puppet | puppet | 2.6.11 | |
| puppet | puppet | 2.6.12 | |
| puppet | puppet | 2.6.13 | |
| puppet | puppet | 2.6.14 | |
| puppet | puppet | 2.6.15 | |
| puppet | puppet | 2.7.2 | |
| puppet | puppet | 2.7.3 | |
| puppet | puppet | 2.7.4 | |
| puppet | puppet | 2.7.5 | |
| puppet | puppet | 2.7.6 | |
| puppet | puppet | 2.7.7 | |
| puppet | puppet | 2.7.8 | |
| puppet | puppet | 2.7.9 | |
| puppet | puppet | 2.7.10 | |
| puppet | puppet | 2.7.11 | |
| puppet | puppet | 2.7.12 | |
| puppet | puppet | 2.7.13 | |
| puppet | puppet | 2.7.14 | |
| puppet | puppet | 2.7.16 | |
| puppet | puppet | 2.7.17 | |
| puppetlabs | puppet | {"endIncluding":"2.6.16"} | |
| puppetlabs | puppet | 2.7.0 | |
| puppetlabs | puppet | 2.7.1 | |
| puppet | puppet_enterprise | {"endIncluding":"2.5.1"} | |
References
- https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
- http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
- http://puppetlabs.com/security/cve/cve-2012-3867/
- http://secunia.com/advisories/50014
- http://www.debian.org/security/2012/dsa-2511
- http://www.ubuntu.com/usn/USN-1506-1
- https://bugzilla.redhat.com/show_bug.cgi?id=839158
- https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
- https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
- https://nvd.nist.gov/vuln/detail/CVE-2012-3867
- https://github.com/puppetlabs/puppet
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
- http://puppetlabs.com/security/cve/cve-2012-3867
- https://security-tracker.debian.org/tracker/CVE-2012-3867
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.