Download
| Alert*
oval:org.secpod.oval:def:106367
Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:106344 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:1600199 Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. oval:org.secpod.oval:def:1600289 Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited ut ... oval:org.secpod.oval:def:601199 The fix for CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource. The oldstable distribution is not affected by this regression. For the stable distribution , this problem has been fixed in version 2.7.23-1~deb7u3. For the testing distribution ... oval:org.secpod.oval:def:601110 Several vulnerabilities were discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4761 The "resource_type" service could be used to make puppet load arbitrary Ruby code from puppet master"s ... oval:org.secpod.oval:def:601181 An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. oval:org.secpod.oval:def:114176 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:2001383 In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. |