The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #13553

Puppet master can be cause to read data until it is out of memory

Added by Anonymous about 3 years ago. Updated about 3 years ago.

Status:ClosedStart date:03/30/2012
Priority:HighDue date:
Assignee:-% Done:

0%

Category:security
Target version:2.7.13
Affected Puppet version: Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com


Description

Using the symlink attack described in Bug #13511 the puppet master can be caused to read from a stream (e.g. /dev/random) when either trying to save a file or read a file. Because of the way in which the puppet master deals with sending files on the filesystem to a remote system via a REST request the thread handling the request will block forever reading from that stream and continually consuming more memory. This can lead to the puppet master system running out of memory and cause a denial of service.

History

#1 Updated by Anonymous about 3 years ago

  • Status changed from Unreviewed to Accepted
  • Assignee set to Anonymous

#2 Updated by Anonymous about 3 years ago

  • Status changed from Accepted to In Topic Branch Pending Review

Fixes in branches:

  • https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security
  • https://github.com/puppetlabs/puppet-cve-test/tree/security/2.6.14/filebucket-bucket-path-security

#3 Updated by Anonymous about 3 years ago

  • Private changed from No to Yes

#4 Updated by Moses Mendoza about 3 years ago

  • Status changed from In Topic Branch Pending Review to Closed

Released in 2.7.13, 2.6.15

#5 Updated by Matthaus Owens about 3 years ago

  • Description updated (diff)

#6 Updated by Matthaus Owens about 3 years ago

  • Target version set to 2.7.13
  • Private changed from Yes to No

Also available in: Atom PDF