OSVDB ID: 81309

Title: Puppet File Bucket Request Parsing Arbitrary Shell Command Execution

Info

Disclosure
Apr 11, 2012

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Apr 11, 2012

Description

 Puppet contains a flaw related to the parsing of file bucket requests. The Puppet::FileBucket::File object does not sanitize user-supplied input allowing for files to be written to arbitrary locations, or writing to a world-writable location that matches a command string leading to command execution.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

 Upgrade to version 2.6.15 or 2.7.13 or 2.5.1 for Enterprise or higher, as they have been reported to fix this vulnerability. In addition, the vendor has released a patch for some older versions.

Products

Puppet Labs

Puppet

 2.6.14
2.7.12

Puppet Enterprise

 2.5.0
1.0
1.1
1.2.x
2.0.x

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/81309