[Bug 825878] New: Puppet CVE-2013-3567 (Unauthenticated Remote Code Execution Vulnerability)
https://bugzilla.novell.com/show_bug.cgi?id=825878
https://bugzilla.novell.com/show_bug.cgi?id=825878#c0

Summary: Puppet CVE-2013-3567 (Unauthenticated Remote Code Execution Vulnerability)
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: Other
OS/Version: openSUSE 12.3
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: boris@steki.net
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0

When making REST API calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

http://puppetlabs.com/security/cve/cve-2013-3567/
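The defensive counterpart to the report above, as an added example that is not part of the original report and is not Puppet's actual fix: untrusted YAML is first parsed to a syntax tree, which builds no objects, and rejected if it carries any non-core tag, then loaded with Psych's `safe_load` so only plain scalars, arrays and hashes can result. The sample documents and the class name `ConstructedExampleClass` are constructed for illustration.

```ruby
require "psych"

# Tags from the core YAML schema; anything else is treated as foreign.
CORE_TAGS = %w[str int float bool null seq map]
            .map { |t| "tag:yaml.org,2002:#{t}" }.freeze

# Constructed sample inputs (not taken from the bug report).
BENIGN  = "name: web01\nenvironment: production\nparams:\n  - 1\n  - two\n"
TAGGED  = "--- !ruby/object:ConstructedExampleClass\nattr: value\n"
ALIASED = "a: &x [1]\nb: *x\n"

# Parse to a syntax tree only; no Ruby objects are built from the document.
# Returns every explicit tag that is not a core YAML tag.
def foreign_tags(text)
  Psych.parse_stream(text)
       .map { |node| node.tag if node.respond_to?(:tag) }
       .compact
       .reject { |tag| CORE_TAGS.include?(tag) }
       .uniq
end

# Returns [:ok, data] or [:rejected, reason].
def load_untrusted(text)
  tags = foreign_tags(text)
  return [:rejected, "foreign tags: #{tags.join(', ')}"] unless tags.empty?

  # Second layer: safe_load refuses classes, symbols and aliases here.
  [:ok, Psych.safe_load(text, permitted_classes: [], aliases: false)]
rescue Psych::Exception => e
  # Covers syntax errors, disallowed classes/symbols and aliases.
  [:rejected, e.class.name]
end

if __FILE__ == $PROGRAM_NAME
  { "benign" => BENIGN, "tagged" => TAGGED, "aliased" => ALIASED }.each do |name, doc|
    status, detail = load_untrusted(doc)
    puts "#{name}: #{status} (#{detail.inspect})"
  end
end
```

The tag scan runs before any loader is called, so a rejected document can be logged with the class name it asked for without that class ever being resolved.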