Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2014-3251
HistoryAug 12, 2014 - 11:55 p.m.

CVE-2014-3251

2014-08-1223:55:03
Debian Security Bug Tracker
security-tracker.debian.org
8

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

OSVersionArchitecturePackageVersionFilename
Debian12allmcollective< 2.6.0+dfsg-1mcollective_2.6.0+dfsg-1_all.deb
Debian11allmcollective< 2.6.0+dfsg-1mcollective_2.6.0+dfsg-1_all.deb

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%