Bug 1542831 (CVE-2018-6508) - CVE-2018-6508 puppet: Unparameterized input in multiple modules can allow a remote user to execute arbitrary code
Summary: CVE-2018-6508 puppet: Unparameterized input in multiple modules can allow a r...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-6508
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1543225 1543226
Blocks: 1542255 1542832
TreeView+ depends on / blocked
 
Reported: 2018-02-07 06:15 UTC by Sam Fowler
Modified: 2021-10-21 19:54 UTC (History)
13 users (show)

Fixed In Version: puppet-apache 2.3.1, puppet-mysql 5.2.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-21 19:54:36 UTC


Attachments (Terms of Use)

Description Sam Fowler 2018-02-07 06:15:08 UTC
Multiplep puppet modules do not properly paramterize their inputs to spawned child processes. A remote attacker with permission to run these modules could exploit this to execute arbitrary commands.

The affected modules include:
 Puppetlabs/facter_task puppet module prior to 0.1.5
 Puppetlabs/puppet_conf puppet module prior to 0.1.5
 Puppetlabs/apt puppet module prior to 4.5.1
 Puppetlabs/mysql puppet module prior to 5.2.1
 Puppetlabs/apache puppet module prior to 2.3.1


Upstream Advisory:

https://puppet.com/security/cve/CVE-2018-6508


Upstream Commits:

https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c
https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b
https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc
https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef
https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c


Note You need to log in before you can comment on or make changes to this bug.