Описание
Puppet Improper Input Validation vulnerability
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-1655
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml
- https://puppetlabs.com/security/cve/cve-2013-1655
- https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442
- https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- http://ubuntu.com/usn/usn-1759-1
- http://www.debian.org/security/2013/dsa-2643
Пакеты
puppet
>= 2.7.0, < 2.7.21
2.7.21
puppet
>= 3.1.0, < 3.1.1
3.1.1
Связанные уязвимости
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1 ...
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации