The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Bug #13552

Puppet master will save files to any place on disk

Added by Anonymous over 3 years ago. Updated over 3 years ago.

Status: Closed
Start date: 03/30/2012
Priority: High
Due date:
Assignee: -
% Done: 0%
Category: security
Target version: 2.7.13
Affected Puppet version:
Branch:
Keywords:


Description

By constructing a marshaled form of a Puppet::FileBucket::File object a user can cause it to be written to any place on the disk of the puppet master. This could be used for a denial of service attack against the puppet master if an attacker fills a filesystem that can cause systems to stop working. In order to do this the attacker needs no access to the puppet master system, but does need access to agent SSL keys.
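The class of bug described above, as an added example that is not part of the original ticket and is not Puppet's code or its fix: a server that lets a deserialized object name its own storage directory, beside a version that takes the root only from server configuration. The hash keys `bucket_path` and `contents`, the function names, and the SHA-256 directory layout are assumptions made for illustration.

```ruby
require 'digest'
require 'pathname'
require 'tmpdir'

# Hypothetical names throughout; this is not Puppet's FileBucket code.
BucketError = Class.new(StandardError)

# Weak pattern: the storage directory is read from the client-supplied object,
# so whoever builds the object decides where the server writes.
def unsafe_target(obj)
  File.join(obj.fetch('bucket_path'), Digest::SHA256.hexdigest(obj.fetch('contents')))
end

# Hardened pattern: the root comes only from server configuration, the file
# name is derived from the contents, and a client-supplied path is rejected.
def safe_target(server_root, obj)
  raise BucketError, 'client may not choose the bucket path' if obj.key?('bucket_path')
  contents = obj.fetch('contents')
  raise BucketError, 'contents must be a String' unless contents.is_a?(String)

  sum = Digest::SHA256.hexdigest(contents)
  root = Pathname.new(server_root).realpath
  target = root.join(sum[0, 2], sum).cleanpath
  # Defense in depth: the resolved target must still sit under the root.
  inside = target.to_s.start_with?(root.to_s + File::SEPARATOR)
  raise BucketError, 'target escapes bucket root' unless inside
  target.to_s
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    # Constructed sample request, standing in for a deserialized object.
    req = { 'contents' => 'constructed sample', 'bucket_path' => '/srv/other-volume' }
    puts "weak:     #{unsafe_target(req)}"
    begin
      safe_target(root, req)
    rescue BucketError => e
      puts "hardened: rejected (#{e.message})"
    end
    req.delete('bucket_path')
    puts "hardened: #{safe_target(root, req)}"
  end
end
```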

History

#1 Updated by Anonymous over 3 years ago

  • Assignee set to Anonymous

#2 Updated by Anonymous over 3 years ago

  • Status changed from Accepted to In Topic Branch Pending Review

Fixes in branches:

  • https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security
  • https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security

#3 Updated by Moses Mendoza over 3 years ago

  • Status changed from In Topic Branch Pending Review to Closed

#4 Updated by Moses Mendoza over 3 years ago

Released in 2.7.13, 2.6.15.

#5 Updated by Matthaus Owens over 3 years ago

  • Description updated (diff)

#6 Updated by Matthaus Owens over 3 years ago

  • Target version set to 2.7.13

#7 Updated by Matthaus Owens over 3 years ago

  • Private changed from Yes to No
