Oval Definition:oval:com.ubuntu.bionic:def:201432480000000
Revision Date:2014-11-16Version:1
Title:CVE-2014-3248 on Ubuntu 18.04 LTS (bionic) - low.
Description:Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-3248
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • facter package in bionic, is related to the CVE in some way and has been fixed (note: '2.0.1-1ubuntu1').
  • OR mcollective package in bionic, is related to the CVE in some way and has been fixed (note: '2.5.2+dfsg-1').
  • OR puppet package in bionic, is related to the CVE in some way and has been fixed (note: '3.8.5-2').
  • BACK