Puppet X.509 Certificate Signing Requests Directory Traversal Vulnerability

Bugtraq ID: 49860
Class: Input Validation Error
CVE: CVE-2011-3848
Remote: Yes
Local: No
Published: Sep 28 2011 12:00AM
Updated: Mar 19 2015 08:30AM
Credit: Kristian Erik Hermansen
Vulnerable: Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Puppetlabs Puppet Enterprise 1.2
Puppetlabs Puppet Enterprise 1.1
Puppetlabs Puppet Enterprise 1.0
Puppetlabs Puppet 2.6.4
Puppetlabs Puppet 2.6.3
Puppetlabs Puppet 2.6
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Puppetlabs Puppet 2.7.4
Puppetlabs Puppet 2.6.10


 

Privacy Statement
Copyright 2010, SecurityFocus