GSD-2014-3248
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-3248",
"description": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"id": "GSD-2014-3248",
"references": [
"https://www.suse.com/security/cve/CVE-2014-3248.html",
"https://ubuntu.com/security/CVE-2014-3248",
"https://alas.aws.amazon.com/cve/html/CVE-2014-3248.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-3248"
],
"details": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"id": "GSD-2014-3248",
"modified": "2023-12-13T01:22:53.104222Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2014-3248",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59200"
},
{
"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"refsource": "MISC",
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68035"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.7.6||\u003e=2.0.0 \u003c2.0.2",
"affected_versions": "All versions before 1.7.6, all versions starting from 2.0.0 before 2.0.2",
"cvss_v2": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-17",
"CWE-937"
],
"date": "2021-09-07",
"description": "Untrusted search path vulnerability in Puppet Enterprise, Puppet, Facter, Hiera, and Mcollective, when running with Ruby or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"fixed_versions": [
"1.7.6",
"2.0.2"
],
"identifier": "CVE-2014-3248",
"identifiers": [
"GHSA-92v7-pq4h-58j5",
"CVE-2014-3248"
],
"not_impacted": "All versions starting from 1.7.6 before 2.0.0, all versions starting from 2.0.2",
"package_slug": "gem/facter",
"pubdate": "2017-10-24",
"solution": "Upgrade to versions 1.7.6, 2.0.2 or above.",
"title": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-3248",
"https://github.com/advisories/GHSA-92v7-pq4h-58j5",
"http://puppetlabs.com/security/cve/cve-2014-3248",
"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"http://secunia.com/advisories/59197",
"http://secunia.com/advisories/59200",
"http://www.securityfocus.com/bid/68035"
],
"uuid": "12277981-6d01-488a-a8d8-1b165bb9ee5f"
},
{
"affected_range": "\u003c1.3.4",
"affected_versions": "All versions before 1.3.4",
"cvss_v2": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-17",
"CWE-937"
],
"date": "2021-09-07",
"description": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"fixed_versions": [
"1.3.4"
],
"identifier": "CVE-2014-3248",
"identifiers": [
"GHSA-92v7-pq4h-58j5",
"CVE-2014-3248"
],
"not_impacted": "All versions starting from 1.3.4",
"package_slug": "gem/hiera",
"pubdate": "2017-10-24",
"solution": "Upgrade to version 1.3.4 or above.",
"title": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-3248",
"https://github.com/advisories/GHSA-92v7-pq4h-58j5",
"http://puppetlabs.com/security/cve/cve-2014-3248",
"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"http://secunia.com/advisories/59197",
"http://secunia.com/advisories/59200",
"http://www.securityfocus.com/bid/68035"
],
"uuid": "d1afa7c5-c0aa-442c-ae6c-c731a33d79cb"
},
{
"affected_range": "\u003c2.5.2",
"affected_versions": "All versions before 2.5.2",
"cvss_v2": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-17",
"CWE-937"
],
"date": "2021-09-07",
"description": "Untrusted search path vulnerability in Puppet Enterprise, Puppet, Facter, Hiera, and Mcollective, when running with Ruby or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"fixed_versions": [
"2.5.2"
],
"identifier": "CVE-2014-3248",
"identifiers": [
"GHSA-92v7-pq4h-58j5",
"CVE-2014-3248"
],
"not_impacted": "All versions starting from 2.5.2",
"package_slug": "gem/mcollective-client",
"pubdate": "2017-10-24",
"solution": "Upgrade to version 2.5.2 or above.",
"title": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-3248",
"https://github.com/advisories/GHSA-92v7-pq4h-58j5",
"http://puppetlabs.com/security/cve/cve-2014-3248",
"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"http://secunia.com/advisories/59197",
"http://secunia.com/advisories/59200",
"http://www.securityfocus.com/bid/68035"
],
"uuid": "d7f8914f-a611-4df7-8ac0-0fb68c48780e"
},
{
"affected_range": "\u003c2.7.26||\u003e=3.0.0 \u003c3.6.2",
"affected_versions": "All versions before 2.7.26, all versions starting from 3.0.0 before 3.6.2",
"cvss_v2": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-17",
"CWE-937"
],
"date": "2021-09-07",
"description": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"fixed_versions": [
"2.7.26",
"3.6.2"
],
"identifier": "CVE-2014-3248",
"identifiers": [
"GHSA-92v7-pq4h-58j5",
"CVE-2014-3248"
],
"not_impacted": "All versions starting from 2.7.26 before 3.0.0, all versions starting from 3.6.2",
"package_slug": "gem/puppet",
"pubdate": "2017-10-24",
"solution": "Upgrade to versions 2.7.26, 3.6.2 or above.",
"title": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-3248",
"https://github.com/advisories/GHSA-92v7-pq4h-58j5",
"http://puppetlabs.com/security/cve/cve-2014-3248",
"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"http://secunia.com/advisories/59197",
"http://secunia.com/advisories/59200",
"http://www.securityfocus.com/bid/68035"
],
"uuid": "e44f5b7c-0f4c-49c3-9857-0c9536eaee35"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.18",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.26",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.7",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.6.2",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3248"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"refsource": "MISC",
"tags": [
"Exploit",
"Technical Description"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "59197",
"refsource": "SECUNIA",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59197"
},
{
"name": "68035",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68035"
},
{
"name": "59200",
"refsource": "SECUNIA",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59200"
},
{
"name": "http://puppetlabs.com/security/cve/cve-2014-3248",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2019-07-16T12:22Z",
"publishedDate": "2014-11-16T17:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…