The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #13553

Puppet master can be cause to read data until it is out of memory

Added by Anonymous over 2 years ago. Updated over 2 years ago.

Status:ClosedStart date:03/30/2012
Priority:HighDue date:
Assignee:-% Done:

0%

Category:security
Target version:2.7.13
Affected Puppet version: Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.


Description

Using the symlink attack described in Bug #13511 the puppet master can be caused to read from a stream (e.g. /dev/random) when either trying to save a file or read a file. Because of the way in which the puppet master deals with sending files on the filesystem to a remote system via a REST request the thread handling the request will block forever reading from that stream and continually consuming more memory. This can lead to the puppet master system running out of memory and cause a denial of service.

History

#1 Updated by Anonymous over 2 years ago

  • Status changed from Unreviewed to Accepted
  • Assignee set to Anonymous

#2 Updated by Anonymous over 2 years ago

  • Status changed from Accepted to In Topic Branch Pending Review

Fixes in branches:

  • https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security
  • https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security

#3 Updated by Anonymous over 2 years ago

  • Private changed from No to Yes

#4 Updated by Moses Mendoza over 2 years ago

  • Status changed from In Topic Branch Pending Review to Closed

Released in 2.7.13, 2.6.15

#5 Updated by Matthaus Owens over 2 years ago

  • Description updated (diff)

#6 Updated by Matthaus Owens over 2 years ago

  • Target version set to 2.7.13
  • Private changed from Yes to No

Also available in: Atom PDF