CVE-2014-3248

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions 2.8 through 2.8.6 Puppet versions 2.7.x through 2.7.25 and 3.x through 3.6.1 Facter versions 1.6.x through 1.6.x and 2.x through 2.0.1 Hiera versions prior to 1.3.4 Mcollective versions prior to 2.5.2

Description The issue allows local users to gain privileges via a Trojan horse file in the current working directory. This can be demonstrated using files such as rubygems/defaults/operating system.rb, Win32API.rb, Win32API.so, safe yaml.rb, safe yaml/deep.rb, safe yaml/deep.so, operatingsystem.rb, operatingsystem.so, osfamily.rb, or osfamily.so in puppet/confine. The vulnerability can be exploited when running with Ruby 1.9.1 or earlier.

Recommendations For Puppet Enterprise versions 2.8 through 2.8.6, update to version 2.8.7 or later. For Puppet versions 2.7.x through 2.7.25, update to version 2.7.26 or later. For Puppet versions 3.x through 3.6.1, update to version 3.6.2 or later. For Facter versions 1.6.x through 1.6.x, update to version 2.0.2 or later. For Facter versions 2.x through 2.0.1, update to version 2.0.2 or later. For Hiera versions prior to 1.3.4, update to version 1.3.4 or later. For Mcollective versions prior to 2.5.2, update to version 2.5.2 or later. As a temporary workaround, consider restricting access to the vulnerable files in the current working directory until a patch is available.