Main Vulnerability Database SB2014012805

SB2014012805 - SUSE Linux update for puppet

Published: January 28, 2014

Security Bulletin ID SB2014012805

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2013-4761)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html