Bug 1542831 (CVE-2018-6508)

Summary: CVE-2018-6508 puppet: Unparameterized input in multiple modules can allow a remote user to execute arbitrary code
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: apevec, chrisw, jjoyce, jschluet, lhh, lpeer, markmc, mburns, rbryant, sclewis, slinaber, tdecacqu, tvignaud
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: puppet-apache 2.3.1, puppet-mysql 5.2.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-21 19:54:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1543225, 1543226    
Bug Blocks: 1542255, 1542832    

Description Sam Fowler 2018-02-07 06:15:08 UTC 
Multiplep puppet modules do not properly paramterize their inputs to spawned child processes. A remote attacker with permission to run these modules could exploit this to execute arbitrary commands.

The affected modules include:
 Puppetlabs/facter_task puppet module prior to 0.1.5
 Puppetlabs/puppet_conf puppet module prior to 0.1.5
 Puppetlabs/apt puppet module prior to 4.5.1
 Puppetlabs/mysql puppet module prior to 5.2.1
 Puppetlabs/apache puppet module prior to 2.3.1


Upstream Advisory:

https://puppet.com/security/cve/CVE-2018-6508


Upstream Commits:

https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c
https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b
https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc
https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef
https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c