CVE Vulnerabilities

CVE-2012-3867

Published: Aug 06, 2012 | Modified: Jul 10, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
4 LOW
AV:N/AC:H/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

Affected Software

Name Vendor Start Version End Version
Puppet Puppet 2.6.0 2.6.0
Puppet Puppet 2.6.1 2.6.1
Puppet Puppet 2.6.2 2.6.2
Puppet Puppet 2.6.3 2.6.3
Puppet Puppet 2.6.4 2.6.4
Puppet Puppet 2.6.5 2.6.5
Puppet Puppet 2.6.6 2.6.6
Puppet Puppet 2.6.7 2.6.7
Puppet Puppet 2.6.8 2.6.8
Puppet Puppet 2.6.9 2.6.9
Puppet Puppet 2.6.10 2.6.10
Puppet Puppet 2.6.11 2.6.11
Puppet Puppet 2.6.12 2.6.12
Puppet Puppet 2.6.13 2.6.13
Puppet Puppet 2.6.14 2.6.14
Puppet Puppet 2.6.15 2.6.15
Puppet Puppet 2.7.2 2.7.2
Puppet Puppet 2.7.3 2.7.3
Puppet Puppet 2.7.4 2.7.4
Puppet Puppet 2.7.5 2.7.5
Puppet Puppet 2.7.6 2.7.6
Puppet Puppet 2.7.7 2.7.7
Puppet Puppet 2.7.8 2.7.8
Puppet Puppet 2.7.9 2.7.9
Puppet Puppet 2.7.10 2.7.10
Puppet Puppet 2.7.11 2.7.11
Puppet Puppet 2.7.12 2.7.12
Puppet Puppet 2.7.13 2.7.13
Puppet Puppet 2.7.14 2.7.14
Puppet Puppet 2.7.16 2.7.16
Puppet Puppet 2.7.17 2.7.17
Puppet Puppetlabs * 2.6.16
Puppet Puppetlabs 2.7.0 2.7.0
Puppet Puppetlabs 2.7.1 2.7.1
CloudForms for RHEL 6 RedHat converge-ui-devel-0:1.0.4-1.el6cf *
CloudForms for RHEL 6 RedHat puppet-0:2.6.17-2.el6cf *
CloudForms for RHEL 6 RedHat rubygem-actionpack-1:3.0.10-10.el6cf *
CloudForms for RHEL 6 RedHat rubygem-activerecord-1:3.0.10-6.el6cf *
CloudForms for RHEL 6 RedHat rubygem-activesupport-1:3.0.10-4.el6cf *
CloudForms for RHEL 6 RedHat rubygem-chunky_png-0:1.2.0-3.el6cf *
CloudForms for RHEL 6 RedHat rubygem-compass-0:0.11.5-2.el6cf *
CloudForms for RHEL 6 RedHat rubygem-compass-960-plugin-0:0.10.4-2.el6cf *
CloudForms for RHEL 6 RedHat rubygem-delayed_job-0:2.1.4-2.el6cf *
CloudForms for RHEL 6 RedHat rubygem-ldap_fluff-0:0.1.3-1.el6_3 *
CloudForms for RHEL 6 RedHat rubygem-mail-0:2.3.0-3.el6cf *
CloudForms for RHEL 6 RedHat rubygem-net-ldap-0:0.1.1-3.el6cf *
Puppet Ubuntu devel *
Puppet Ubuntu hardy *
Puppet Ubuntu lucid *
Puppet Ubuntu natty *
Puppet Ubuntu oneiric *
Puppet Ubuntu precise *
Puppet Ubuntu upstream *

References