gsd-2014-3248
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-3248",
"description": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"id": "GSD-2014-3248",
"references": [
"https://www.suse.com/security/cve/CVE-2014-3248.html",
"https://ubuntu.com/security/CVE-2014-3248",
"https://alas.aws.amazon.com/cve/html/CVE-2014-3248.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-3248"
],
"details": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"id": "GSD-2014-3248",
"modified": "2023-12-13T01:22:53.104222Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2014-3248",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59200"
},
{
"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"refsource": "MISC",
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68035"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.7.6||\u003e=2.0.0 \u003c2.0.2",
"affected_versions": "All versions before 1.7.6, all versions starting from 2.0.0 before 2.0.2",
"cvss_v2": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-17",
"CWE-937"
],
"date": "2021-09-07",
"description": "Untrusted search path vulnerability in Puppet Enterprise, Puppet, Facter, Hiera, and Mcollective, when running with Ruby or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"fixed_versions": [
"1.7.6",
"2.0.2"
],
"identifier": "CVE-2014-3248",
"identifiers": [
"GHSA-92v7-pq4h-58j5",
"CVE-2014-3248"
],
"not_impacted": "All versions starting from 1.7.6 before 2.0.0, all versions starting from 2.0.2",
"package_slug": "gem/facter",
"pubdate": "2017-10-24",
"solution": "Upgrade to versions 1.7.6, 2.0.2 or above.",
"title": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-3248",
"https://github.com/advisories/GHSA-92v7-pq4h-58j5",
"http://puppetlabs.com/security/cve/cve-2014-3248",
"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"http://secunia.com/advisories/59197",
"http://secunia.com/advisories/59200",
"http://www.securityfocus.com/bid/68035"
],
"uuid": "12277981-6d01-488a-a8d8-1b165bb9ee5f"
},
{
"affected_range": "\u003c1.3.4",
"affected_versions": "All versions before 1.3.4",
"cvss_v2": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-17",
"CWE-937"
],
"date": "2021-09-07",
"description": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"fixed_versions": [
"1.3.4"
],
"identifier": "CVE-2014-3248",
"identifiers": [
"GHSA-92v7-pq4h-58j5",
"CVE-2014-3248"
],
"not_impacted": "All versions starting from 1.3.4",
"package_slug": "gem/hiera",
"pubdate": "2017-10-24",
"solution": "Upgrade to version 1.3.4 or above.",
"title": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-3248",
"https://github.com/advisories/GHSA-92v7-pq4h-58j5",
"http://puppetlabs.com/security/cve/cve-2014-3248",
"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"http://secunia.com/advisories/59197",
"http://secunia.com/advisories/59200",
"http://www.securityfocus.com/bid/68035"
],
"uuid": "d1afa7c5-c0aa-442c-ae6c-c731a33d79cb"
},
{
"affected_range": "\u003c2.5.2",
"affected_versions": "All versions before 2.5.2",
"cvss_v2": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-17",
"CWE-937"
],
"date": "2021-09-07",
"description": "Untrusted search path vulnerability in Puppet Enterprise, Puppet, Facter, Hiera, and Mcollective, when running with Ruby or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"fixed_versions": [
"2.5.2"
],
"identifier": "CVE-2014-3248",
"identifiers": [
"GHSA-92v7-pq4h-58j5",
"CVE-2014-3248"
],
"not_impacted": "All versions starting from 2.5.2",
"package_slug": "gem/mcollective-client",
"pubdate": "2017-10-24",
"solution": "Upgrade to version 2.5.2 or above.",
"title": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-3248",
"https://github.com/advisories/GHSA-92v7-pq4h-58j5",
"http://puppetlabs.com/security/cve/cve-2014-3248",
"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"http://secunia.com/advisories/59197",
"http://secunia.com/advisories/59200",
"http://www.securityfocus.com/bid/68035"
],
"uuid": "d7f8914f-a611-4df7-8ac0-0fb68c48780e"
},
{
"affected_range": "\u003c2.7.26||\u003e=3.0.0 \u003c3.6.2",
"affected_versions": "All versions before 2.7.26, all versions starting from 3.0.0 before 3.6.2",
"cvss_v2": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-17",
"CWE-937"
],
"date": "2021-09-07",
"description": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.",
"fixed_versions": [
"2.7.26",
"3.6.2"
],
"identifier": "CVE-2014-3248",
"identifiers": [
"GHSA-92v7-pq4h-58j5",
"CVE-2014-3248"
],
"not_impacted": "All versions starting from 2.7.26 before 3.0.0, all versions starting from 3.6.2",
"package_slug": "gem/puppet",
"pubdate": "2017-10-24",
"solution": "Upgrade to versions 2.7.26, 3.6.2 or above.",
"title": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-3248",
"https://github.com/advisories/GHSA-92v7-pq4h-58j5",
"http://puppetlabs.com/security/cve/cve-2014-3248",
"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"http://secunia.com/advisories/59197",
"http://secunia.com/advisories/59200",
"http://www.securityfocus.com/bid/68035"
],
"uuid": "e44f5b7c-0f4c-49c3-9857-0c9536eaee35"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.18",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.26",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.7",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.6.2",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3248"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"refsource": "MISC",
"tags": [
"Exploit",
"Technical Description"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "59197",
"refsource": "SECUNIA",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59197"
},
{
"name": "68035",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68035"
},
{
"name": "59200",
"refsource": "SECUNIA",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59200"
},
{
"name": "http://puppetlabs.com/security/cve/cve-2014-3248",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2019-07-16T12:22Z",
"publishedDate": "2014-11-16T17:59Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.