The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
Puppet master can be cause to read data until it is out of memory
|Affected Puppet version:||Branch:|
Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com
Using the symlink attack described in Bug #13511 the puppet master can be caused to read from a stream (e.g. /dev/random) when either trying to save a file or read a file. Because of the way in which the puppet master deals with sending files on the filesystem to a remote system via a REST request the thread handling the request will block forever reading from that stream and continually consuming more memory. This can lead to the puppet master system running out of memory and cause a denial of service.
#2 Updated by Anonymous almost 3 years ago
- Status changed from Accepted to In Topic Branch Pending Review
Fixes in branches: