Debian Security Advisory DSA 2352-1 (puppet) Network Vulnerability

Summary

The remote host is missing an update to puppet announced via advisory DSA 2352-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202352-1

Insight

It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the certdnsnames option was used. This could lead to man in the middle attacks. More details are available at http://puppetlabs.com/security/cve/cve-2011-3872/ For the oldstable distribution (lenny), this problem has been fixed in version 0.24.5-3+lenny2. For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze3. For the unstable distribution (sid), this problem has been fixed in version 2.7.6-1. We recommend that you upgrade your puppet packages.

Severity

Classification

CVE CVE-2011-3872

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 2752-1 (phpbb3 - permissions too wide)
Debian Security Advisory DSA 1961-1 (bind9)
Debian Security Advisory DSA 2411-1 (mumble)
Debian Security Advisory DSA 2321-1 (moin)
Debian Security Advisory DSA 022-1 (exmh)

Take action and discover your vulnerabilities