Vigil@nce - Puppet: code execution via mcollective-puppet-agent
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the "—server" option of
mcollective-puppet-agent, to connect to a malicious server, in
order to run code.
Impacted products: Puppet.
Severity: 1/4.
Creation date: 10/08/2016.
DESCRIPTION OF THE VULNERABILITY
The Puppet product uses the mcollective-puppet-agent plugin as an
interface to MCollective (Marionette Collective, parallel
job-execution).
This agent can send the "—server" option to MCollective. However,
an attacker can use this parameter to force MCollective to connect
to a malicious server, which leads to arbitrary code execution.
An attacker can therefore use the "—server" option of
mcollective-puppet-agent, to connect to a malicious server, in
order to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Puppet-code-execution-via-mcollective-puppet-agent-20356