Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 2511-1 (puppet)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

4.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

8 months ago

Summary

The remote host is missing an update to puppet announced via advisory DSA 2511-1.

Insight

Insight

Several security vulnerabilities have been found in Puppet, a centralized configuration management: CVE-2012-3864 Authenticated clients could read arbitrary files on the puppet master. CVE-2012-3865 Authenticated clients could delete arbitrary files on the puppet master. CVE-2012-3866 The report of the most recent Puppet run was stored with world- readable permissions, resulting in information disclosure. CVE-2012-3867 Agent hostnames were insufficiently validated. For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze6. For the unstable distribution (sid), this problem has been fixed in version 2.7.18-1.

Solution

Solution

We recommend that you upgrade your puppet packages.

Common Vulnerabilities and Exposures (CVE)