CVE-2013-4761 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-4761 Interim 1 18 2022-12-03T02:32:30Z current 2021-05-30T13:14:52Z 2022-12-03T02:32:30Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-4761 Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html E-Mail link for SUSE-SU-2014:0155-1 https://lists.opensuse.org/opensuse-security-announce/2014-04/msg00009.html E-Mail link for SUSE-SU-2014:0510-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 openSUSE Tumbleweed puppet-2.6.18-0.12.1 puppet-2.6.18-0.14.1 puppet-2.7.26-0.5.1 puppet-3.6.2-3.62 puppet-3.8.5-14.1 puppet-3.8.5-15.9.1 puppet-3.8.5-5.1 puppet-server-2.6.18-0.12.1 puppet-server-2.6.18-0.14.1 puppet-server-2.7.26-0.5.1 puppet-server-3.6.2-3.62 pwdutils-3.2.8-0.2.35 ruby2.2-rubygem-puppet-3.8.7-2.2 ruby2.2-rubygem-puppet-doc-3.8.7-2.2 ruby2.2-rubygem-puppet-testsuite-3.8.7-2.2 ruby2.3-rubygem-puppet-3.8.7-2.2 ruby2.3-rubygem-puppet-doc-3.8.7-2.2 ruby2.3-rubygem-puppet-testsuite-3.8.7-2.2 rubygem-puppet-3.8.7-2.2 rubygem-puppet-emacs-3.8.7-2.2 rubygem-puppet-master-3.8.7-2.2 rubygem-puppet-master-unicorn-3.8.7-2.2 rubygem-puppet-vim-3.8.7-2.2 puppet-2.6.18-0.12.1 as a component of SUSE Linux Enterprise Desktop 11 SP2 puppet-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 puppet-3.6.2-3.62 as a component of SUSE Linux Enterprise Desktop 12 puppet-3.6.2-3.62 as a component of SUSE Linux Enterprise Desktop 12 SP1 puppet-3.8.5-5.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 puppet-3.8.5-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 puppet-3.8.5-15.9.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 puppet-3.6.2-3.62 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 puppet-server-3.6.2-3.62 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 puppet-2.6.18-0.12.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA puppet-server-2.6.18-0.12.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA pwdutils-3.2.8-0.2.35 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA puppet-2.6.18-0.12.1 as a component of SUSE Linux Enterprise Server 11 SP2 puppet-server-2.6.18-0.12.1 as a component of SUSE Linux Enterprise Server 11 SP2 puppet-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS puppet-server-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS puppet-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP3 puppet-server-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP3 puppet-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA puppet-server-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA puppet-2.7.26-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP4 puppet-server-2.7.26-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP4 puppet-2.6.18-0.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 puppet-server-2.6.18-0.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 puppet-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 puppet-server-2.6.18-0.14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 ruby2.2-rubygem-puppet-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.2-rubygem-puppet-doc-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.2-rubygem-puppet-testsuite-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.3-rubygem-puppet-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.3-rubygem-puppet-doc-3.8.7-2.2 as a component of openSUSE Tumbleweed ruby2.3-rubygem-puppet-testsuite-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-emacs-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-master-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-master-unicorn-3.8.7-2.2 as a component of openSUSE Tumbleweed rubygem-puppet-vim-3.8.7-2.2 as a component of openSUSE Tumbleweed Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. CVE-2013-4761 SUSE Linux Enterprise Desktop 11 SP2:puppet-2.6.18-0.12.1 SUSE Linux Enterprise Desktop 11 SP3:puppet-2.6.18-0.14.1 SUSE Linux Enterprise Desktop 12:puppet-3.6.2-3.62 SUSE Linux Enterprise Desktop 12 SP1:puppet-3.6.2-3.62 SUSE Linux Enterprise Desktop 12 SP2:puppet-3.8.5-5.1 SUSE Linux Enterprise Desktop 12 SP3:puppet-3.8.5-14.1 SUSE Linux Enterprise Desktop 12 SP4:puppet-3.8.5-15.9.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:puppet-3.6.2-3.62 SUSE Linux Enterprise Module for Advanced Systems Management 12:puppet-server-3.6.2-3.62 SUSE Linux Enterprise Server 11 SP1-TERADATA:puppet-2.6.18-0.12.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:puppet-server-2.6.18-0.12.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:pwdutils-3.2.8-0.2.35 SUSE Linux Enterprise Server 11 SP2:puppet-2.6.18-0.12.1 SUSE Linux Enterprise Server 11 SP2:puppet-server-2.6.18-0.12.1 SUSE Linux Enterprise Server 11 SP2-LTSS:puppet-2.6.18-0.14.1 SUSE Linux Enterprise Server 11 SP2-LTSS:puppet-server-2.6.18-0.14.1 SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.14.1 SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.14.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-2.6.18-0.14.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:puppet-server-2.6.18-0.14.1 SUSE Linux Enterprise Server 11 SP4:puppet-2.7.26-0.5.1 SUSE Linux Enterprise Server 11 SP4:puppet-server-2.7.26-0.5.1 SUSE Linux Enterprise Server for SAP Applications 11 SP2:puppet-2.6.18-0.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP2:puppet-server-2.6.18-0.12.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-2.6.18-0.14.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:puppet-server-2.6.18-0.14.1 openSUSE Tumbleweed:ruby2.2-rubygem-puppet-3.8.7-2.2 openSUSE Tumbleweed:ruby2.2-rubygem-puppet-doc-3.8.7-2.2 openSUSE Tumbleweed:ruby2.2-rubygem-puppet-testsuite-3.8.7-2.2 openSUSE Tumbleweed:ruby2.3-rubygem-puppet-3.8.7-2.2 openSUSE Tumbleweed:ruby2.3-rubygem-puppet-doc-3.8.7-2.2 openSUSE Tumbleweed:ruby2.3-rubygem-puppet-testsuite-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-emacs-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-master-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-master-unicorn-3.8.7-2.2 openSUSE Tumbleweed:rubygem-puppet-vim-3.8.7-2.2 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P