CVE-2011-3872
LOW severity · CVSS 2.6 · Improper input validation
2.6CVSS LOW
Summary
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges required—
User interaction—
Confidentiality impactNone
Integrity impact—
Availability impactNone
Exploit probability (EPSS)2%
AV:N/AC:H/Au:N/C:N/I:P/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1 ↗
Additional information
- NVD record
- http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1Patch
- http://secunia.com/advisories/46550Advisory
- http://secunia.com/advisories/46578Advisory
- http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/
- http://secunia.com/advisories/46934
- http://secunia.com/advisories/46964
- http://www.securityfocus.com/bid/50356
- http://www.ubuntu.com/usn/USN-1238-1