CVE-2014-3248

Summary

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

Impact & exploitability

AV:L/AC:H/Au:N/C:C/I:C/A:C

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://puppetlabs.com/security/cve/cve-2014-3248Advisory
• http://secunia.com/advisories/59197
• http://secunia.com/advisories/59200
• http://www.securityfocus.com/bid/68035Advisory
• http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/Exploit