CVE Vulnerabilities

CVE-2018-6508

Use of Externally-Controlled Format String

Published: Feb 09, 2018 | Modified: Nov 21, 2024

CVSS 3.x: 8 HIGH (Source: NVD)
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS 2.x: 6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P

RedHat/V2

RedHat/V3: 9 IMPORTANT
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Ubuntu: MEDIUM

Puppet Enterprise 2017.3.x versions prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string is passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules; if you are not using Puppet tasks, you are not affected by this vulnerability.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Puppet_enterprise | Puppet | 2017.3.0 (including) | 2017.3.2 (including) |
| Puppet-module-puppetlabs-apache | Ubuntu | artful | * |
| Puppet-module-puppetlabs-apache | Ubuntu | bionic | * |
| Puppet-module-puppetlabs-apache | Ubuntu | cosmic | * |
| Puppet-module-puppetlabs-apache | Ubuntu | disco | * |
| Puppet-module-puppetlabs-apache | Ubuntu | eoan | * |
| Puppet-module-puppetlabs-apache | Ubuntu | focal | * |
| Puppet-module-puppetlabs-apache | Ubuntu | groovy | * |
| Puppet-module-puppetlabs-apache | Ubuntu | hirsute | * |
| Puppet-module-puppetlabs-apache | Ubuntu | impish | * |
| Puppet-module-puppetlabs-apache | Ubuntu | kinetic | * |
| Puppet-module-puppetlabs-apache | Ubuntu | lunar | * |
| Puppet-module-puppetlabs-apache | Ubuntu | mantic | * |
| Puppet-module-puppetlabs-apache | Ubuntu | oracular | * |
| Puppet-module-puppetlabs-apache | Ubuntu | trusty | * |
| Puppet-module-puppetlabs-apache | Ubuntu | xenial | * |
| Puppet-module-puppetlabs-apt | Ubuntu | artful | * |
| Puppet-module-puppetlabs-apt | Ubuntu | bionic | * |
| Puppet-module-puppetlabs-apt | Ubuntu | cosmic | * |
| Puppet-module-puppetlabs-apt | Ubuntu | disco | * |
| Puppet-module-puppetlabs-apt | Ubuntu | eoan | * |
| Puppet-module-puppetlabs-apt | Ubuntu | focal | * |
| Puppet-module-puppetlabs-apt | Ubuntu | groovy | * |
| Puppet-module-puppetlabs-apt | Ubuntu | hirsute | * |
| Puppet-module-puppetlabs-apt | Ubuntu | impish | * |
| Puppet-module-puppetlabs-apt | Ubuntu | kinetic | * |
| Puppet-module-puppetlabs-apt | Ubuntu | lunar | * |
| Puppet-module-puppetlabs-apt | Ubuntu | mantic | * |
| Puppet-module-puppetlabs-apt | Ubuntu | oracular | * |
| Puppet-module-puppetlabs-apt | Ubuntu | trusty | * |
| Puppet-module-puppetlabs-apt | Ubuntu | xenial | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | artful | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | bionic | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | cosmic | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | disco | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | eoan | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | focal | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | groovy | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | hirsute | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | impish | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | kinetic | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | lunar | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | mantic | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | oracular | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | trusty | * |
| Puppet-module-puppetlabs-mysql | Ubuntu | xenial | * |
