PT-2018-17603 · Puppet · Facter+1

Publicado

2018-06-11

Atualizado

2018-08-02

CVE-2018-6514

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Puppet Agent versions 1.10.x prior to 1.10.13 Puppet Agent versions 5.3.x prior to 5.3.7 Puppet Agent versions 5.5.x prior to 5.5.2

Description The issue concerns a DLL preloading attack that could lead to a privilege escalation. This attack is related to Facter on Windows.

Recommendations For Puppet Agent versions 1.10.x prior to 1.10.13, update to version 1.10.13 or later. For Puppet Agent versions 5.3.x prior to 5.3.7, update to version 5.3.7 or later. For Puppet Agent versions 5.5.x prior to 5.5.2, update to version 5.5.2 or later.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

CVE-2018-6514

Produtos afetados

Facter

Puppet Agent

PT-2018-17603 · Puppet · Facter+1

CVE-2018-6514

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3