Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-3408

Published: 6 August 2012

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

Notes

AuthorNote
mdeslaur 
This would break existing installations. This will be fixed
in upstream 3.0. For 2.7, USN-1506-1 added a deprecation
warning.
Since this change would break existing installations, we will
not fix this in Ubuntu.

Priority

Medium

Status

Package Release Status
puppet
Launchpad, Ubuntu, Debian 		hardy Ignored
(end of life)
lucid Ignored

natty Ignored

oneiric Ignored

precise Ignored

upstream Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading