Puppet 'certdnsnames' Certificate Validation Security Bypass Vulnerability

Bugtraq ID: 50356
Class: Design Error
CVE: CVE-2011-3872
Remote: Yes
Local: No
Published: Oct 25 2011 12:00AM
Updated: Mar 06 2012 05:00PM
Credit: The vendor reported this issue.
Vulnerable: Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 11.04
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.10
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 LTS
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Red Hat Fedora 16
Red Hat Fedora 15
Red Hat Fedora 14
Puppet Labs Puppet 2.7.5
Puppet Labs Puppet 2.7.4
Puppet Labs Puppet 2.6.11
Puppet Labs Puppet 2.6.10
Puppet Labs Puppet 2.6.4
Puppet Labs Puppet 2.6.3
Puppet Labs Puppet 2.6
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Puppet Labs Puppet 4.0.1


 

Privacy Statement
Copyright 2010, SecurityFocus