Launchpad.net

CVE 2012-3867

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

Related bugs and status

CVE-2012-3867 (Candidate) is related to these bugs:

Bug #1023931: (CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})

		In	Importance	Status
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	Gentoo Linux	Low	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Lucid)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Natty)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Quantal)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Oneiric)	Undecided	Fix Released
1023931	(CVE-2012-3864) puppet: multiple vulnerabilities for 2.7.17 and earlier releases (CVE-(2012-{3408,3864,3865,3866,3867})	puppet (Ubuntu Precise)	Undecided	Fix Released

Bug #1068145: Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break

		In	Importance	Status
1068145	Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break	puppet (Ubuntu)	High	Fix Released
1068145	Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break	puppet (Ubuntu Precise)	High	Won't Fix
1068145	Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break	puppet (Ubuntu Quantal)	High	Won't Fix
1068145	Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break	puppet (Ubuntu Raring)	High	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3867

Related bugs and status

Related bugs

References