Vigil@nce - Puppet Labs Puppet: code execution via pxp-module-puppet
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can tamper with the environment of the program
pxp-module-puppet of Puppet Labs Puppet, in order to run code.
Impacted products: Puppet.
Severity: 1/4.
Creation date: 12/08/2016.
DESCRIPTION OF THE VULNERABILITY
The Puppet Labs Puppet Agent uses its environment.
However, its does not check or filter it. An attacker can tamper
with it in order to run code. Technical details are unknown.
An attacker can therefore tamper with the environment of the
program pxp-module-puppet of Puppet Labs Puppet, in order to run
code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Puppet-Labs-Puppet-code-execution-via-pxp-module-puppet-20373