Launchpad.net

CVE 2011-3848

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.

Related bugs and status

CVE-2011-3848 (Candidate) is related to these bugs:

Bug #861182: Remote directory traversal, allows write to arbitrary locations

		In	Importance	Status
861182	Remote directory traversal, allows write to arbitrary locations	puppet (Ubuntu)	High	Fix Released
861182	Remote directory traversal, allows write to arbitrary locations	puppet (Ubuntu Hardy)	High	Won't Fix
861182	Remote directory traversal, allows write to arbitrary locations	puppet (Ubuntu Lucid)	High	Fix Released
861182	Remote directory traversal, allows write to arbitrary locations	puppet (Ubuntu Maverick)	High	Fix Released
861182	Remote directory traversal, allows write to arbitrary locations	puppet (Ubuntu Oneiric)	High	Fix Released
861182	Remote directory traversal, allows write to arbitrary locations	puppet (Ubuntu Natty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-3848

Related bugs and status

Related bugs

References