UBUNTU-CVE-2014-3248
- Source
- https://ubuntu.com/security/CVE-2014-3248
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3248.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-3248
- Related
- Published
- 2014-11-16T00:00:00Z
- Modified
- 2024-10-15T14:05:47Z
- Summary
- [none]
- Details
-
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operatingsystem.rb, (2) Win32API.rb, (3) Win32API.so, (4) safeyaml.rb, (5) safeyaml/deep.rb, or (6) safeyaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
- References
Affected packages
Ubuntu:14.04:LTS / puppet
Package
- Name
- puppet
- Purl
- pkg:deb/ubuntu/puppet?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.3-1ubuntu1.2
Affected versions
3.*
3.2.4-2ubuntu2
3.3.1-1ubuntu1
3.3.1-1ubuntu2
3.3.1-1ubuntu3
3.4.2-1
3.4.3-1
3.4.3-1ubuntu1
3.4.3-1ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "3.4.3-1ubuntu1.2",
"binary_name": "puppet"
},
{
"binary_version": "3.4.3-1ubuntu1.2",
"binary_name": "puppet-common"
},
{
"binary_version": "3.4.3-1ubuntu1.2",
"binary_name": "puppet-el"
},
{
"binary_version": "3.4.3-1ubuntu1.2",
"binary_name": "puppet-testsuite"
},
{
"binary_version": "3.4.3-1ubuntu1.2",
"binary_name": "puppetmaster"
},
{
"binary_version": "3.4.3-1ubuntu1.2",
"binary_name": "puppetmaster-common"
},
{
"binary_version": "3.4.3-1ubuntu1.2",
"binary_name": "puppetmaster-passenger"
},
{
"binary_version": "3.4.3-1ubuntu1.2",
"binary_name": "vim-puppet"
}
]
}
Ubuntu:Pro:14.04:LTS / facter
Package
- Name
- facter
- Purl
- pkg:deb/ubuntu/facter?arch=src?distro=trusty/esm
Ubuntu:16.04:LTS / puppet
Package
- Name
- puppet
- Purl
- pkg:deb/ubuntu/puppet?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.5-2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "3.8.5-2",
"binary_name": "puppet"
},
{
"binary_version": "3.8.5-2",
"binary_name": "puppet-common"
},
{
"binary_version": "3.8.5-2",
"binary_name": "puppet-el"
},
{
"binary_version": "3.8.5-2",
"binary_name": "puppet-testsuite"
},
{
"binary_version": "3.8.5-2",
"binary_name": "puppetmaster"
},
{
"binary_version": "3.8.5-2",
"binary_name": "puppetmaster-common"
},
{
"binary_version": "3.8.5-2",
"binary_name": "puppetmaster-passenger"
},
{
"binary_version": "3.8.5-2",
"binary_name": "vim-puppet"
}
]
}