Vulnerability CVE-2012-1986

Vulnerability Name:

CVE-2012-1986 (CCN-74794)

Assigned:

2012-04-11

Published:

2012-04-11

Updated:

2019-07-11

Summary:

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N)
1.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2012-1986

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-5999

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-6055

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-6674

Source: MISC
Type: UNKNOWN
http://projects.puppetlabs.com/issues/13511

Source: CONFIRM
Type: UNKNOWN
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

Source: CCN
Type: Puppet Labs Web site
CVE-2012-1986 (Arbitrary File Read Access)

Source: CONFIRM
Type: Vendor Advisory
http://puppetlabs.com/security/cve/cve-2012-1986/

Source: CCN
Type: RHSA-2012-1542
Moderate: CloudForms Commons 1.1 security update

Source: CCN
Type: SA48743
Puppet Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
48743

Source: SECUNIA
Type: Vendor Advisory
48748

Source: SECUNIA
Type: Vendor Advisory
48789

Source: SECUNIA
Type: Vendor Advisory
49136

Source: UBUNTU
Type: UNKNOWN
USN-1419-1

Source: DEBIAN
Type: UNKNOWN
DSA-2451

Source: DEBIAN
Type: DSA-2451
puppet -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 81307
Puppet Remote Filebucket Rest Request Parsing Symlink Arbitrary File Access

Source: BID
Type: UNKNOWN
52975

Source: CCN
Type: BID-52975
Puppet Multiple Security Vulnerabilities

Source: XF
Type: UNKNOWN
puppet-rest-symlink(74794)

Source: XF
Type: UNKNOWN
puppet-rest-symlink(74794)

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:0608

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:0835

Vulnerable Configuration:

Configuration 1:

cpe:/a:puppet:puppet:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.3:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.4:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.5:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.6:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.7:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.8:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.9:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.10:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.11:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.12:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.13:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.14:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:puppet:puppet:2.7.2:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.3:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.4:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.5:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.6:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.7:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.8:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.9:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.10:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.11:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.1:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*

OR cpe:/a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:puppet:puppet:2.7.4:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.10:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.10:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.7.5:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.13:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.11:*:*:*:*:*:*:*

OR cpe:/a:puppet:puppet:2.6.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20121986	V	CVE-2012-1986	2022-05-20
oval:org.mitre.oval:def:17851	P	USN-1419-1 -- puppet vulnerabilities	2014-06-30
oval:org.mitre.oval:def:18629	P	DSA-2451-1 puppet - several	2014-06-23

BACK