CVE-2012-1987
N/A
N/A
Summary
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
- http://puppetlabs.com/security/cve/cve-2012-1987/
- http://projects.puppetlabs.com/issues/13552
- http://ubuntu.com/usn/usn-1419-1
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
- https://hermes.opensuse.org/messages/14523305
- http://secunia.com/advisories/48743
- http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/
- http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
- http://secunia.com/advisories/49136
- http://www.osvdb.org/81308
- http://www.securityfocus.com/bid/52975
- http://secunia.com/advisories/48748
- http://www.debian.org/security/2012/dsa-2451
- http://projects.puppetlabs.com/issues/13553
- https://hermes.opensuse.org/messages/15087408
- http://secunia.com/advisories/48789
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
- http://puppetlabs.com/security/cve/cve-2012-1987/
- http://projects.puppetlabs.com/issues/13552
- http://ubuntu.com/usn/usn-1419-1
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
- https://hermes.opensuse.org/messages/14523305
- http://secunia.com/advisories/48743
- http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/
- http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
- http://secunia.com/advisories/49136
- http://www.osvdb.org/81308
- http://www.securityfocus.com/bid/52975
- http://secunia.com/advisories/48748
- http://www.debian.org/security/2012/dsa-2451
- http://projects.puppetlabs.com/issues/13553
- https://hermes.opensuse.org/messages/15087408
- http://secunia.com/advisories/48789
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.