Ubuntu Update For Puppet USN-1238-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1238-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that Puppet incorrectly handled the non-default &quot certdnsnames&quot option when generating certificates. If this setting was added to puppet.conf, the puppet master&#8217 s DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master&#8217 s certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.

Affected

puppet on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-October/001456.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3872

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for fuse vulnerabilities USN-1077-1
Ubuntu Update for gnupg USN-2339-1
Ubuntu Update for libssh USN-2145-1
Ubuntu Update for transmission USN-1584-1
Ubuntu Update for net-snmp USN-1450-1

Ubuntu Update for puppet USN-1238-1

Take action and discover your vulnerabilities