FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-3867

This CVE name corresponds to:

Entered Topic
2012-12-30 puppet -- multiple vulnerabilities
2012-07-10 puppet -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-3867
Phase Assigned(20120706)

Description

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

References

Source Reference
CONFIRM http://puppetlabs.com/security/cve/cve-2012-3867/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=839158
CONFIRM https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
CONFIRM https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
DEBIAN DSA-2511
SUSE SUSE-SU-2012:0983
UBUNTU USN-1506-1