First Last Prev Next    This bug is not in your last search results.
Bug 1080523 - (CVE-2018-6508) VUL-1: CVE-2018-6508: puppet: Unparameterized input in multiple modules can allow a remote user to execute arbitrary code
(CVE-2018-6508)
VUL-1: CVE-2018-6508: puppet: Unparameterized input in multiple modules can a...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/199680/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-12 07:25 UTC by Alexander Bergmann
Modified: 2018-02-12 07:26 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-02-12 07:25:14 UTC 
rh#1542831

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote
execution bug when a specially crafted string was passed into the facter_task or
puppet_conf tasks. This vulnerability only affects tasks in the affected
modules, if you are not using puppet tasks you are not affected by this
vulnerability.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1542831
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6508
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6508.html
https://puppet.com/security/cve/CVE-2018-6508
Comment 1 Alexander Bergmann 2018-02-12 07:26:33 UTC 
This issue does not affect core puppet. Only specific modules are affected that are not part of SLE or openSUSE.
First Last Prev Next    This bug is not in your last search results.