Описание
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| puppet-module-puppetlabs-apt | fixed | 4.5.1-1 | package | |
| puppet-module-puppetlabs-apache | fixed | 3.0.0-1 | package | |
| puppet-module-puppetlabs-mysql | fixed | 5.3.0-1 | package |
Примечания
https://puppet.com/security/cve/CVE-2018-6508
Issue in various puppet modules: facter_task, puppet_conf, apt, apache and mysql modules
https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c
https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b
https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc
https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef
https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c
This is only exploitable with Puppet Tasks, which aren't packaged/available in Debian
EPSS
Связанные уязвимости
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
EPSS