Lucene search

[email protected]CVE-2012-3867

HistoryAug 06, 2012 - 4:55 p.m.

CVE-2012-3867

2012-08-0616:55:06

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-3867

puppet

ssl

certificate authority

remote attack

ansi control sequences

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

Affected configurations

NVD

Node

puppetpuppetMatch2.6.0

puppetpuppetMatch2.6.1

puppetpuppetMatch2.6.2

puppetpuppetMatch2.6.3

puppetpuppetMatch2.6.4

puppetpuppetMatch2.6.5

puppetpuppetMatch2.6.6

puppetpuppetMatch2.6.7

puppetpuppetMatch2.6.8

puppetpuppetMatch2.6.9

puppetpuppetMatch2.6.10

puppetpuppetMatch2.6.11

puppetpuppetMatch2.6.12

puppetpuppetMatch2.6.13

puppetpuppetMatch2.6.14

puppetpuppetMatch2.6.15

puppetpuppetMatch2.7.2

puppetpuppetMatch2.7.3

puppetpuppetMatch2.7.4

puppetpuppetMatch2.7.5

puppetpuppetMatch2.7.6

puppetpuppetMatch2.7.7

puppetpuppetMatch2.7.8

puppetpuppetMatch2.7.9

puppetpuppetMatch2.7.10

puppetpuppetMatch2.7.11

puppetpuppetMatch2.7.12

puppetpuppetMatch2.7.13

puppetpuppetMatch2.7.14

puppetpuppetMatch2.7.16

puppetpuppetMatch2.7.17

puppetlabspuppetRange≤2.6.16

puppetlabspuppetMatch2.7.0

puppetlabspuppetMatch2.7.1

Node

debiandebian_linuxMatch6.0

Node

canonicalubuntu_linuxMatch10.04lts

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04lts

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

suselinux_enterprise_desktopMatch11sp1

suselinux_enterprise_desktopMatch11sp2

suselinux_enterprise_serverMatch11sp1

suselinux_enterprise_serverMatch11sp1vmware

suselinux_enterprise_serverMatch11sp2

Node

puppetpuppet_enterpriseRange≤2.5.1

CPENameOperatorVersion
puppet:puppetpuppeteq2.6.0
puppet:puppetpuppeteq2.6.1
puppet:puppetpuppeteq2.6.2
puppet:puppetpuppeteq2.6.3
puppet:puppetpuppeteq2.6.4
puppet:puppetpuppeteq2.6.5
puppet:puppetpuppeteq2.6.6
puppet:puppetpuppeteq2.6.7
puppet:puppetpuppeteq2.6.8
puppet:puppetpuppeteq2.6.9

CPE	Name	Operator	Version
puppet:puppet	puppet	eq	2.6.0
puppet:puppet	puppet	eq	2.6.1
puppet:puppet	puppet	eq	2.6.2
puppet:puppet	puppet	eq	2.6.3
puppet:puppet	puppet	eq	2.6.4
puppet:puppet	puppet	eq	2.6.5
puppet:puppet	puppet	eq	2.6.6
puppet:puppet	puppet	eq	2.6.7
puppet:puppet	puppet	eq	2.6.8
puppet:puppet	puppet	eq	2.6.9