CVE-2011-3872: Input Validation
First published: Thu Oct 27 2011(Updated: )
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Puppetlabs Puppet | =2.7.0 | |
| Puppetlabs Puppet | =2.7.1 | |
| Puppet Puppet | =2.6.0 | |
| Puppet Puppet | =2.6.1 | |
| Puppet Puppet | =2.6.2 | |
| Puppet Puppet | =2.6.3 | |
| Puppet Puppet | =2.6.4 | |
| Puppet Puppet | =2.6.5 | |
| Puppet Puppet | =2.6.6 | |
| Puppet Puppet | =2.6.7 | |
| Puppet Puppet | =2.6.8 | |
| Puppet Puppet | =2.6.9 | |
| Puppet Puppet | =2.6.10 | |
| Puppet Puppet | =2.6.11 | |
| Puppet Puppet | =2.7.2 | |
| Puppet Puppet | =2.7.3 | |
| Puppet Puppet | =2.7.4 | |
| Puppet Puppet | =2.7.5 | |
| Puppetlabs Puppet Enterprise Users | =1.0 | |
| Puppetlabs Puppet Enterprise Users | =1.1 | |
| Puppet Puppet Enterprise | =1.2.0 | |
| Puppet Puppet Enterprise | =1.2.1 | |
| Puppet Puppet Enterprise | =1.2.2 | |
| Puppet Puppet Enterprise | =1.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1
- http://secunia.com/advisories/46578
- http://www.ubuntu.com/usn/USN-1238-1
- http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/
- http://www.ubuntu.com/usn/USN-1238-2
- http://secunia.com/advisories/46550
- http://www.securityfocus.com/bid/50356
- http://secunia.com/advisories/46934
- http://secunia.com/advisories/46964
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70970
- https://puppet.com/security/cve/cve-2011-3872
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/puppetlabs
- canonical/puppetlabs puppet
- version/puppetlabs puppet/2.7.0
- version/puppetlabs puppet/2.7.1
- vendor/puppet
- canonical/puppet puppet
- version/puppet puppet/2.6.0
- version/puppet puppet/2.6.1
- version/puppet puppet/2.6.2
- version/puppet puppet/2.6.3
- version/puppet puppet/2.6.4
- version/puppet puppet/2.6.5
- version/puppet puppet/2.6.6
- version/puppet puppet/2.6.7
- version/puppet puppet/2.6.8
- version/puppet puppet/2.6.9
- version/puppet puppet/2.6.10
- version/puppet puppet/2.6.11
- version/puppet puppet/2.7.2
- version/puppet puppet/2.7.3
- version/puppet puppet/2.7.4
- version/puppet puppet/2.7.5
- canonical/puppetlabs puppet enterprise users
- version/puppetlabs puppet enterprise users/1.0
- version/puppetlabs puppet enterprise users/1.1
- canonical/puppet puppet enterprise
- version/puppet puppet enterprise/1.2.0
- version/puppet puppet enterprise/1.2.1
- version/puppet puppet enterprise/1.2.2
- version/puppet puppet enterprise/1.2.3