Vulnerability Details : CVE-2012-1988
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
Products affected by CVE-2012-1988
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1988
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1988
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
CWE ids for CVE-2012-1988
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1988
-
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
Eek! Sorry for the 404. | PuppetBroken Link
-
http://puppetlabs.com/security/cve/cve-2012-1988/
CVE-2012-1988 | PuppetBroken Link;Vendor Advisory
-
http://secunia.com/advisories/48748
Sign inBroken Link;Vendor Advisory
-
http://www.osvdb.org/81309
404 Not FoundBroken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
Puppet file bucket command execution CVE-2012-1988 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2012/dsa-2451
Debian -- Security Information -- DSA-2451-1 puppetThird Party Advisory
-
http://secunia.com/advisories/48743
Sign inBroken Link;Vendor Advisory
-
http://www.securityfocus.com/bid/52975
Puppet Multiple Security VulnerabilitiesBroken Link;Third Party Advisory;VDB Entry
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
[SECURITY] Fedora 17 Update: puppet-2.7.13-1.fc17Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
[SECURITY] Fedora 16 Update: puppet-2.6.16-1.fc16Mailing List;Third Party Advisory
-
https://hermes.opensuse.org/messages/14523305
openSUSE.org - 503Broken Link
-
http://projects.puppetlabs.com/issues/13518
Bug #13518: file bucket request can execute arbitrary commands as puppet master - Puppet - Puppet LabsBroken Link;Vendor Advisory
-
https://hermes.opensuse.org/messages/15087408
openSUSE.org - 503Broken Link
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
[SECURITY] Fedora 15 Update: puppet-2.6.16-1.fc15Mailing List;Third Party Advisory
-
http://secunia.com/advisories/48789
Sign inBroken Link;Vendor Advisory
-
http://secunia.com/advisories/49136
Sign inBroken Link;Vendor Advisory
-
http://ubuntu.com/usn/usn-1419-1
USN-1419-1: Puppet vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to