CVE-2012-3867: Input Validation
First published: Wed Jul 11 2012(Updated: )
From puppet labs: <a href="https://access.redhat.com/security/cve/CVE-2012-3867">CVE-2012-3867</a> (Insufficient input validation) A bug in Puppet 2.6.16 and 2.7.17 uses insufficient input validation for agent certificate names. An attacker can trick the administrator into signing an attacker’s certificate rather than the intended one by constructing specially crafted certificate requests containing specific ANSI control sequences. It is possible to use the sequences to rewrite the order of text displayed to an administrator such that display of an invalid certificate and valid certificate are transposed. If the administrator signs the attacker’s certificate, the attacker can then man-in-the-middle the deployment’s agent nodes. Resolved in Puppet 2.6.17, 2.7.18
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/puppet | <2.6.17 | 2.6.17 |
| redhat/puppet | <2.7.18 | 2.7.18 |
| Puppet by Puppet Labs | =2.6.0 | |
| Puppet by Puppet Labs | =2.6.1 | |
| Puppet by Puppet Labs | =2.6.2 | |
| Puppet by Puppet Labs | =2.6.3 | |
| Puppet by Puppet Labs | =2.6.4 | |
| Puppet by Puppet Labs | =2.6.5 | |
| Puppet by Puppet Labs | =2.6.6 | |
| Puppet by Puppet Labs | =2.6.7 | |
| Puppet by Puppet Labs | =2.6.8 | |
| Puppet by Puppet Labs | =2.6.9 | |
| Puppet by Puppet Labs | =2.6.10 | |
| Puppet by Puppet Labs | =2.6.11 | |
| Puppet by Puppet Labs | =2.6.12 | |
| Puppet by Puppet Labs | =2.6.13 | |
| Puppet by Puppet Labs | =2.6.14 | |
| Puppet by Puppet Labs | =2.6.15 | |
| Puppet by Puppet Labs | =2.7.2 | |
| Puppet by Puppet Labs | =2.7.3 | |
| Puppet by Puppet Labs | =2.7.4 | |
| Puppet by Puppet Labs | =2.7.5 | |
| Puppet by Puppet Labs | =2.7.6 | |
| Puppet by Puppet Labs | =2.7.7 | |
| Puppet by Puppet Labs | =2.7.8 | |
| Puppet by Puppet Labs | =2.7.9 | |
| Puppet by Puppet Labs | =2.7.10 | |
| Puppet by Puppet Labs | =2.7.11 | |
| Puppet by Puppet Labs | =2.7.12 | |
| Puppet by Puppet Labs | =2.7.13 | |
| Puppet by Puppet Labs | =2.7.14 | |
| Puppet by Puppet Labs | =2.7.16 | |
| Puppet by Puppet Labs | =2.7.17 | |
| Puppet by Puppet Labs | <=2.6.16 | |
| Puppet by Puppet Labs | =2.7.0 | |
| Puppet by Puppet Labs | =2.7.1 | |
| Debian GNU/Linux | =6.0 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =11.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu Linux | =12.04 | |
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp1 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| suse linux enterprise server vmware | =11-sp1 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| Puppetlabs Puppet Enterprise | <=2.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2012-3867
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=839168
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=839171
- http://puppetlabs.com/security/cve/cve-2012-3867/
- https://github.com/puppetlabs/puppet/commit/dfedaa5
- https://github.com/puppetlabs/puppet/commit/9607bd7
- https://github.com/puppetlabs/puppet/commit/0144e68
- https://github.com/puppetlabs/puppet/commit/4d7c9fd
- https://github.com/puppetlabs/puppet/commit/bd2820e
- https://github.com/puppetlabs/puppet/commit/f341962
- https://rhn.redhat.com/errata/RHSA-2012-1542.html
- https://bugzilla.redhat.com/show_bug.cgi?id=839158
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
- http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
- http://secunia.com/advisories/50014
- http://www.debian.org/security/2012/dsa-2511
- http://www.ubuntu.com/usn/USN-1506-1
- https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
- https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
Frequently Asked Questions
What is the severity of CVE-2012-3867?
CVE-2012-3867 has a moderate level of severity due to insufficient input validation in Puppet.
How do I fix CVE-2012-3867?
To fix CVE-2012-3867, upgrade Puppet to version 2.6.17 or 2.7.18 or later.
Which versions of Puppet are affected by CVE-2012-3867?
CVE-2012-3867 affects Puppet versions 2.6.16 and 2.7.17 and earlier.
What type of vulnerability is CVE-2012-3867?
CVE-2012-3867 is classified as an insufficient input validation vulnerability.
Can an attacker exploit CVE-2012-3867 remotely?
Yes, an attacker with local access could exploit CVE-2012-3867 by tricking an administrator into signing a malicious certificate.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-3867
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/puppet
- canonical/puppet by puppet labs
- version/puppet by puppet labs/2.6.0
- version/puppet by puppet labs/2.6.1
- version/puppet by puppet labs/2.6.2
- version/puppet by puppet labs/2.6.3
- version/puppet by puppet labs/2.6.4
- version/puppet by puppet labs/2.6.5
- version/puppet by puppet labs/2.6.6
- version/puppet by puppet labs/2.6.7
- version/puppet by puppet labs/2.6.8
- version/puppet by puppet labs/2.6.9
- version/puppet by puppet labs/2.6.10
- version/puppet by puppet labs/2.6.11
- version/puppet by puppet labs/2.6.12
- version/puppet by puppet labs/2.6.13
- version/puppet by puppet labs/2.6.14
- version/puppet by puppet labs/2.6.15
- version/puppet by puppet labs/2.7.2
- version/puppet by puppet labs/2.7.3
- version/puppet by puppet labs/2.7.4
- version/puppet by puppet labs/2.7.5
- version/puppet by puppet labs/2.7.6
- version/puppet by puppet labs/2.7.7
- version/puppet by puppet labs/2.7.8
- version/puppet by puppet labs/2.7.9
- version/puppet by puppet labs/2.7.10
- version/puppet by puppet labs/2.7.11
- version/puppet by puppet labs/2.7.12
- version/puppet by puppet labs/2.7.13
- version/puppet by puppet labs/2.7.14
- version/puppet by puppet labs/2.7.16
- version/puppet by puppet labs/2.7.17
- vendor/puppetlabs
- version/puppet by puppet labs/2.6.16
- version/puppet by puppet labs/2.7.0
- version/puppet by puppet labs/2.7.1
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/6.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/11.04
- version/ubuntu linux/11.10
- version/ubuntu linux/12.04
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp1
- version/suse linux enterprise desktop with beagle/11-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp1
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp1
- version/suse linux enterprise server/11-sp2
- canonical/puppetlabs puppet enterprise
- version/puppetlabs puppet enterprise/2.5.1