CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

CVSS v2.0 6.2 MEDIUM

6.2^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 1.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/	Exploit Technical Description
http://secunia.com/advisories/59197	Technical Description
http://www.securityfocus.com/bid/68035	Third Party Advisory VDB Entry
http://secunia.com/advisories/59200	Technical Description
http://puppetlabs.com/security/cve/cve-2014-3248	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:puppetlabs:facter::::::::
	cpe:2.3:a:puppet:facter:2.0.1:rc2::::::
	cpe:2.3:a:puppet:facter:2.0.1:rc4::::::
	cpe:2.3:a:puppet:facter:2.0.0:rc2::::::
	cpe:2.3:a:puppet:facter:2.0.0:rc3::::::
	cpe:2.3:a:puppet:facter:2.0.0:rc4::::::
	cpe:2.3:a:puppet:facter:2.0.1:-::::::
	cpe:2.3:a:puppet:facter:2.0.0:rc1::::::
	cpe:2.3:a:puppet:facter:2.0.1:rc1::::::
	cpe:2.3:a:puppet:facter:2.0.1:rc3::::::

Configuration 2 (hide)

cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:puppet:puppet::::::::
	cpe:2.3:a:puppet:puppet_enterprise::::::::
	cpe:2.3:a:puppet:puppet::::::::

Information

Published : 2014-11-16 09:59

Updated : 2019-07-16 05:22

NVD link : CVE-2014-3248

Mitre link : CVE-2014-3248

JSON object : View

CWE

CWE-17

DEPRECATED: Code

Products Affected

puppet

facter
puppet
hiera
marionette_collective
puppet_enterprise

puppetlabs

facter

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "tags": ["Exploit", "Technical Description"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/59197", "name": "59197", "tags": ["Technical Description"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/68035", "name": "68035", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/59200", "name": "59200", "tags": ["Technical Description"], "refsource": "SECUNIA"}, {"url": "http://puppetlabs.com/security/cve/cve-2014-3248", "name": "http://puppetlabs.com/security/cve/cve-2014-3248", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-17"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3248", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-11-16T17:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.6.18", "versionStartIncluding": "1.6.0"}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.5.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.3.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.7.26"}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.8.7", "versionStartIncluding": "2.8.0"}, {"cpe23Uri": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.6.2", "versionStartIncluding": "3.6.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-07-16T12:22Z"}

6.2 /10