CVE-2011-3872

Publication date 24 October 2011

Last updated 24 July 2024


Ubuntu priority

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

Status

Package Ubuntu Release Status
puppet 11.10 oneiric
Fixed 2.7.1-1ubuntu3.2
11.04 natty
Fixed 2.6.4-2ubuntu2.5
10.10 maverick
Fixed 2.6.1-0ubuntu2.4
10.04 LTS lucid
Fixed 0.25.4-2ubuntu6.5
8.04 LTS hardy Ignored end of life