Vigil@nce - Puppet: multiple vulnerabilities
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Puppet.
Impacted products: Puppet
Severity: 2/4
Creation date: 11/06/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Puppet.
An attacker can invite the victim to execute Puppet from a
directory containing a Trojan, in order to execute code.
[severity:2/4; CVE-2014-3248]
An attacker can obtain the list of facts for a node, in order to
obtain sensitive information. [severity:2/4; CVE-2014-3249]
An attacker can use a revoked certificate. [severity:2/4;
CVE-2014-3250]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Puppet-multiple-vulnerabilities-14886