Remote Code Execution Vulnerability (CVE-2014-3248) for multiple Puppet Products)

Remote Code Execution Vulnerability (CVE-2014-3248) for multiple Puppet Products)

Release date:
Updated on:

Affected Systems:
Puppet Labs Puppet
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68035
CVE (CAN) ID: CVE-2014-3248
 
Puppet is an IT automation software that helps the system administrator manage the infrastructure.
 
Multiple Puppet products have the remote code execution vulnerability. After successful exploitation, attackers can execute arbitrary code in the application context.

Puppet Learning Series:

Puppet Learning 1: Installation and simple instance applications

Puppet 2: simple module configuration and application

Research on three Backup Recovery solutions for Puppet agent
Register your Puppet node in a safer way
Deep understanding of Puppet syntax and working mechanism through SSH Configuration
Puppet uses Nginx multiple ports for Load Balancing
C/S mode instance of Puppet in CentOS (5 and 6)
 
<* Source: Dennis Rowe
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Puppet Labs
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://puppetlabs.com/security

For more information about Puppet, click here.
Puppet: click here

This article permanently updates the link address: