Summary
The remote host is missing an update to puppet
announced via advisory DSA 2511-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202511-1
Insight
Several security vulnerabilities have been found in Puppet, a centralized configuration management:
CVE-2012-3864
Authenticated clients could read arbitrary files on the puppet master.
CVE-2012-3865
Authenticated clients could delete arbitrary files on the puppet master.
CVE-2012-3866
The report of the most recent Puppet run was stored with world- readable permissions, resulting in information disclosure.
CVE-2012-3867
Agent hostnames were insufficiently validated.
For the stable distribution (squeeze), this problem has been fixed in version 2.6.2-5+squeeze6.
For the unstable distribution (sid), this problem has been fixed in version 2.7.18-1.
We recommend that you upgrade your puppet packages.
Severity
Classification
-
CVE CVE-2012-3864, CVE-2012-3865, CVE-2012-3866, CVE-2012-3867 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities