CVE-2012-3867
Date: (C) 2012-08-06   (M) 2024-02-09


lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-50014
DSA-2511
SUSE-SU-2012:0983
USN-1506-1
http://puppetlabs.com/security/cve/cve-2012-3867/
https://bugzilla.redhat.com/show_bug.cgi?id=839158
https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
openSUSE-SU-2012:0891

CPE    10
cpe:/o:opensuse:opensuse:12.1
cpe:/a:puppetlabs:puppet:2.7.1
cpe:/a:puppetlabs:puppet:2.7.0
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
...
CWE    1
CWE-264
OVAL    6
oval:org.secpod.oval:def:1601351
oval:org.secpod.oval:def:700936
oval:org.secpod.oval:def:104775
oval:org.secpod.oval:def:104016
...

© SecPod Technologies