Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/46550 | third party advisory vendor advisory |
| http://www.ubuntu.com/usn/USN-1238-2 | vendor advisory |
| http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70970 | vdb entry |
| http://secunia.com/advisories/46578 | third party advisory vendor advisory |
| https://puppet.com/security/cve/cve-2011-3872 | |
| http://secunia.com/advisories/46934 | third party advisory |
| http://groups.google.com/group/puppet-announce/browse_thread/thread/e7edc3a71348f3e1 | patch |
| http://www.securityfocus.com/bid/50356 | vdb entry |
| http://secunia.com/advisories/46964 | third party advisory |
| http://www.ubuntu.com/usn/USN-1238-1 | vendor advisory |