CVE-2014-3248
6.2
Vector
AV:L/AC:H/Au:N/C:C/I:C/A:C
Exploitability: 1.9 / Impact: 10.0
Source: NVD
Description
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Affected (15)
Products: Puppet: Facter, Marionette Collective, Hiera, Puppet, Puppet Enterprise · Puppetlabs: Facter
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.0.0 rc1 | |
| From 1.6.0 to 1.6.18 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.5.2 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.7.26 | |
| From 2.8.0 to 2.8.7 |
Related CWEs
References (10)
Source: cve@mitre.org
ExploitTechnical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Timeline
No history available yet.