← Back

CVE-2012-3867

nvd nist
Published: Aug 6, 2012Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

Affected (47)

Show all products
Puppet: Puppet, Puppet Enterprise · Puppetlabs: Puppet · Debian: Debian Linux · Canonical: Ubuntu Linux · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Server
Puppet
2 products
Puppet
Puppet Enterprise
Puppetlabs
1 product
Puppet
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Opensuse
1 product
Opensuse
Suse
2 products
Linux Enterprise Desktop
Linux Enterprise Server
Configuration A
34 vulnerable
Vulnerable SoftwareAffected Versions
Puppet
Puppet
Version 2.6.0
Puppet
Version 2.6.10
Puppet
Version 2.6.11
Puppet
Version 2.6.12
Puppet
Version 2.6.13
Puppet
Version 2.6.14
Puppet
Version 2.6.15
Puppet
Version 2.6.1
Puppet
Version 2.6.2
Puppet
Version 2.6.3
Puppet
Version 2.6.4
Puppet
Version 2.6.5
Puppet
Version 2.6.6
Puppet
Version 2.6.7
Puppet
Version 2.6.8
Puppet
Version 2.6.9
Puppet
Version 2.7.10
Puppet
Version 2.7.11
Puppet
Version 2.7.12
Puppet
Version 2.7.13
Puppet
Version 2.7.14
Puppet
Version 2.7.16
Puppet
Version 2.7.17
Puppet
Version 2.7.2
Puppet
Version 2.7.3
Puppet
Version 2.7.4
Puppet
Version 2.7.5
Puppet
Version 2.7.6
Puppet
Version 2.7.7
Puppet
Version 2.7.8
Puppet
Version 2.7.9
Puppetlabs
Puppet
Up to 2.6.16
Puppet
Version 2.7.0
Puppet
Version 2.7.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 6.0
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 10.04
Ubuntu Linux
Version 11.04
Ubuntu Linux
Version 11.10
Ubuntu Linux
Version 12.04
Configuration D
7 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 11.4
Opensuse
Version 12.1
Suse
Linux Enterprise Desktop
Version 11 sp1
Linux Enterprise Desktop
Version 11 sp2
Suse
Linux Enterprise Server
Version 11 sp1
Linux Enterprise Server
Version 11 sp1
Linux Enterprise Server
Version 11 sp2
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Puppet Enterprise
Up to 2.5.1

Related CWEs

CWE-264
CWE-264

References (18)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Issue Tracking
Source: cve@mitre.org
ExploitIssue TrackingPatch
Source: cve@mitre.org
ExploitIssue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatch

Timeline

No history available yet.