Launchpad.net

CVE 2012-3408

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

Related bugs and status

CVE-2012-3408 (Candidate) is related to these bugs:

Bug #1023931: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})

		In	Importance	Status
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	Gentoo Linux	Low	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Lucid)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Natty)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Quantal)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Oneiric)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3408

Related bugs and status

Related bugs

References