CVE-2013-3567

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
http://rhn.redhat.com/errata/RHSA-2013-1283.html
http://rhn.redhat.com/errata/RHSA-2013-1284.html
http://secunia.com/advisories/54429	Vendor Advisory
http://www.debian.org/security/2013/dsa-2715
http://www.ubuntu.com/usn/USN-1886-1
https://puppetlabs.com/security/cve/cve-2013-3567/	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
http://rhn.redhat.com/errata/RHSA-2013-1283.html
http://rhn.redhat.com/errata/RHSA-2013-1284.html
http://secunia.com/advisories/54429	Vendor Advisory
http://www.debian.org/security/2013/dsa-2715
http://www.ubuntu.com/usn/USN-1886-1
https://puppetlabs.com/security/cve/cve-2013-3567/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:puppet:puppet:2.7.2:::::::*
	cpe:2.3:a:puppet:puppet:2.7.10:::::::*
	cpe:2.3:a:puppet:puppet:2.7.11:::::::*
	cpe:2.3:a:puppet:puppet:2.7.12:::::::*
	cpe:2.3:a:puppet:puppet:2.7.13:::::::*
	cpe:2.3:a:puppet:puppet:2.7.14:::::::*
	cpe:2.3:a:puppet:puppet:2.7.16:::::::*
	cpe:2.3:a:puppet:puppet:2.7.17:::::::*
	cpe:2.3:a:puppet:puppet:2.7.18:::::::*
	cpe:2.3:a:puppet:puppet:2.7.21:::::::*
	cpe:2.3:a:puppet:puppet:3.2.1:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.0:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.1:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.19:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.20:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1::::::
	cpe:2.3:a:puppetlabs:puppet:3.2.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:novell:suse_linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp2::::::
	cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2::::vmware::*
	cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3::::::
	cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3::::vmware::*

Configuration 4 (hide)

OR	cpe:2.3:a:puppet:puppet_enterprise::::::::
	cpe:2.3:a:puppet:puppet_enterprise:1.0:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.1:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:1.2.0:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.0.0:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.5.1:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.5.2:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.8.0:::::::*
	cpe:2.3:a:puppetlabs:puppet:1.0.0:-:enterprise:::::*
	cpe:2.3:a:puppetlabs:puppet:1.1.0:-:enterprise:::::*
	cpe:2.3:a:puppetlabs:puppet:1.2.0:-:enterprise:::::*
	cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:::::*
	cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:::::*
	cpe:2.3:a:puppetlabs:puppet:2.7.2:-:enterprise:::::*

History

21 Nov 2024, 01:53

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html -
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-1283.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-1283.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-1284.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-1284.html -
References	~~() http://secunia.com/advisories/54429 - Vendor Advisory~~	() http://secunia.com/advisories/54429 - Vendor Advisory
References	~~() http://www.debian.org/security/2013/dsa-2715 -~~	() http://www.debian.org/security/2013/dsa-2715 -
References	~~() http://www.ubuntu.com/usn/USN-1886-1 -~~	() http://www.ubuntu.com/usn/USN-1886-1 -
References	~~() https://puppetlabs.com/security/cve/cve-2013-3567/ - Vendor Advisory~~	() https://puppetlabs.com/security/cve/cve-2013-3567/ - Vendor Advisory

Information

Published : 2013-08-19 23:55

Updated : 2024-11-21 01:53

NVD link : CVE-2013-3567

Mitre link : CVE-2013-3567

CVE.ORG link : CVE-2013-3567

JSON object : View

Products Affected

novell

suse_linux_enterprise_desktop
suse_linux_enterprise_server

canonical

ubuntu_linux

puppet

puppet
puppet_enterprise

puppetlabs

puppet

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-3567", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-19T23:55:08.523", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/54429", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2013/dsa-2715", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-1886-1", "source": "cve@mitre.org"}, {"url": "https://puppetlabs.com/security/cve/cve-2013-3567/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/54429", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2013/dsa-2715", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1886-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://puppetlabs.com/security/cve/cve-2013-3567/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call."}, {"lang": "es", "value": "Puppet 2.7.x anterior a 2.7.22 y 3.2.x anterior a 3.2.2, y Puppet Enterprise anterior a 2.8.2, deserializa YAML sin confianza, lo que permite a atacantes remotos la instanciaci\u00f3n de clases de Ruby y ejecutar c\u00f3digo arbitrario a trav\u00e9s de una llamada RESTAPI manipulada."}], "lastModified": "2024-11-21T01:53:54.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE56BA6B-BDC4-431E-81FD-D7ED5E8783E9"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF6D6B90-62BA-4944-A699-6D7C48AFD0A1"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EC6A7B3-5949-4439-994A-68DA65438F5D"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5140C34D-589C-43DB-BCA7-8434EB173205"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E561C081-6262-46D3-AB17-01EEA6D3E988"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4703802D-0E3A-4760-B660-6AE0AF74DD40"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE3D39F6-F9C8-4E7F-981A-265B04E85579"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEBB3936-7A81-4BD9-80B2-3F614980BBCE"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1EABC0F-A7A6-4C28-9331-3EEB6D39A0C2"}, {"criteria": "cpe:2.3:a:puppet:puppet:2.7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31787A8E-ACF2-477A-A101-96C298732631"}, {"criteria": "cpe:2.3:a:puppet:puppet:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "867A327E-421F-46A9-877C-8A2911971E39"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E5192CB-094F-469E-A644-2255C4F44804"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D17D2752-CB0D-4CC8-8604-FEBF8DEE16E0"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29BBE8DB-8560-4A57-9BCB-D709A697ECDE"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10E0543B-5B1D-4522-945D-98BD63380500"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "817AB37A-F7B0-4E68-B10A-9E4A358793F3"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12419C96-61A4-46B3-B8DA-FE3B8E7ACAEF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD55EF8A-A5D3-4800-9737-3C4D63FF8058"}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F519E49-D04A-442E-8F4F-4FCA93EEE544"}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:*:vmware:*:*", "vulnerable": true, "matchCriteriaId": "6972ACC2-6855-4C98-93C1-DD216A5BD3A7"}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623DB4CD-8CB3-445A-B9B5-1238CF195235"}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*", "vulnerable": true, "matchCriteriaId": "83439D9C-2374-473C-8D64-C0DB886FEFB3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EB5B299-B528-4C71-B2F1-6C47E52F75F0", "versionEndIncluding": "2.8.1"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "926CFE0B-57A0-42EE-8B84-5C53C94F552E"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54836761-86C0-4240-8A43-D6DECC2BBBDA"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A584D14-197E-47EB-B394-B8B211D4B502"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCFA5742-38F2-43BD-9C90-E4F447F55684"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32A5E42D-9626-4FC8-A032-4CD4FA1255BF"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F0697C-A1BF-42FE-A036-F3E6FAB30A87"}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C43CD3C-ACDB-418B-B67D-9C8EFAC0680C"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:1.0.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3246614-F3C3-4D0A-B41F-B2158F5B0185"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:1.1.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36ECFB92-2695-4C88-8F78-4AC31E3FC890"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:1.2.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DAADB8A-3428-43D7-B79B-040F80B5C161"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27BEF40A-546D-4A5D-8173-A6E3C715B4B9"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD3AE9E5-5439-439B-A628-1CCEB45D63AF"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49809A49-DD06-4335-9A09-EA35EB381B53"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE62E9E9-6183-4D43-B776-F6BA06AA292B"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.7.2:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26392E32-CB54-43F7-8EF2-00E860917F4A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10