Multiple Puppet Products YAML Deserialization CVE-2017-2295 Remote Code Execution Vulnerability

Bugtraq ID: 98582
Class: Input Validation Error
CVE: CVE-2017-2295
Remote: Yes
Local: No
Published: May 11 2017 12:00AM
Updated: Jun 05 2017 07:01PM
Credit: The vendor reported this issue.
Vulnerable: Ubuntu Ubuntu Linux 14.04 LTS
Puppetlabs Puppet Enterprise 2016.4.3
Puppetlabs Puppet Enterprise 2016.4
Puppetlabs Puppet Enterprise 2017.2
Puppetlabs Puppet Enterprise 2016.3
Puppetlabs Puppet Enterprise 2016.2
Puppetlabs Puppet Enterprise 2016.1
Puppetlabs Puppet Enterprise 2016.0
Puppetlabs Puppet Agent 1.10
Puppetlabs Puppet Agent 1.9.3
Puppetlabs Puppet Agent 1.9.2
Puppetlabs Puppet Agent 1.9.1
Puppetlabs Puppet Agent 1.9
Puppetlabs Puppet Agent 1.8.2
Puppetlabs Puppet Agent 1.8
Puppetlabs Puppet Agent 1.7.1
Puppetlabs Puppet Agent 1.7
Puppetlabs Puppet Agent 1.6.2
Puppetlabs Puppet Agent 1.6.1
Puppetlabs Puppet Agent 1.6
Puppetlabs Puppet Agent 1.5
Puppetlabs Puppet Agent 1.1.1
Puppetlabs Puppet Agent 1.4.2
Puppetlabs Puppet Agent 1.3.6
Puppetlabs Puppet Agent 1.3.4
Puppetlabs Puppet Agent 1.3.0
Puppetlabs Puppet Agent 1.0
Puppetlabs Puppet 4.10
Puppetlabs Puppet 4.9.4
Puppetlabs Puppet 4.9.3
Puppetlabs Puppet 4.9.2
Puppetlabs Puppet 4.9.1
Puppetlabs Puppet 4.9
Puppetlabs Puppet 4.8.2
Puppetlabs Puppet 4.8.1
Puppetlabs Puppet 4.8
Puppetlabs Puppet 4.7.1
Puppetlabs Puppet 4.7
Puppetlabs Puppet 4.6
Puppetlabs Puppet 4.5.3
Puppetlabs Puppet 4.5
Puppetlabs Puppet 4.0.1
Puppetlabs Puppet 4.4.2
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Puppetlabs Puppet Enterprise 2017.2.1
Puppetlabs Puppet Enterprise 2016.4.5
Puppetlabs Puppet Agent 1.10.1
Puppetlabs Puppet 4.10.1


 
