CVE-2014-3251
Published: 2014-08-12
Priority P4 · 15 · medium · 4.4 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.18% (7.2th percentile)
The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mcollective | < mcollective 2.6.0+dfsg-1 (bookworm) | mcollective 2.6.0+dfsg-1 (bookworm) |
| puppet | mcollective | >= 0 < 2.6.0+dfsg-1 | 2.6.0+dfsg-1 |
| puppet | mcollective | >= 0 < 2.6.0+dfsg-1 | 2.6.0+dfsg-1 |
| puppet | puppet_enterprise | <= 3.2.0 | — |
CVSS provenance
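| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 4.4 | MEDIUM | — |
| vendor_debian | — | 4.4 | LOW | — |
| vendor_redhat | — | 4.4 | MEDIUM | — |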
Red Hat
mcollective: aes_security.rb file creation vulnerability
vendor_redhat·2014-07-15·CVSS 4.4
CVE-2014-3251 [MEDIUM] CWE-348 mcollective: aes_security.rb file creation vulnerability
Statement: Red Hat OpenShift Enterprise 2 is now in Production 1 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat OpenShift Enterprise 2 Life Cycle: https://access.redhat.com/support/policy/updates/openshift.
Package: mcollective (OpenShift Enterprise 1)
Debian
CVE-2014-3251: mcollective - The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 a...
vendor_debian·2014·CVSS 4.4
CVE-2014-3251 [MEDIUM] CVE-2014-3251: mcollective - The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 a...
Scope: local
bookworm: resolved (fixed in 2.6.0+dfsg-1)
bullseye: resolved (fixed in 2.6.0+dfsg-1)
GHSA
GHSA-q495-m6p3-c645: The MCollective aes_security plugin, as used in Puppet Enterprise before 3
ghsa_unreviewed·2022-05-14
CVE-2014-3251 [MEDIUM] CWE-362 GHSA-q495-m6p3-c645: The MCollective aes_security plugin, as used in Puppet Enterprise before 3
OSV
CVE-2014-3251: The MCollective aes_security plugin, as used in Puppet Enterprise before 3
osv·2014-08-12·CVSS 4.4
CVE-2014-3251 [MEDIUM] CVE-2014-3251: The MCollective aes_security plugin, as used in Puppet Enterprise before 3
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability [fedora-all]
bugzilla·2014-11-08·CVSS 4.4
CVE-2014-3251 [MEDIUM] CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versio
Bugzilla
CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability [epel-7]
bugzilla·2014-11-08·CVSS 4.4
CVE-2014-3251 [MEDIUM] CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mcollective: see blocks b
Bugzilla
CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability [epel-6]
bugzilla·2014-11-08·CVSS 4.4
CVE-2014-3251 [MEDIUM] CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability [epel-6]
epel-6 tracking bug for mcollective: see blocks b
Bugzilla
CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability [epel-5]
bugzilla·2014-11-08·CVSS 4.4
CVE-2014-3251 [MEDIUM] CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability [epel-5]
epel-5 tracking bug for mcollective: see blocks b
Bugzilla
CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability
bugzilla·2014-06-06·CVSS 4.4
CVE-2014-3251 [MEDIUM] CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability
Mark Chappell of Red Hat reports:
When configured to automatically discover and store certificates the
aes_security plugin relies on the file name of the SSL certificate as stored
on the client rather than any of the information in the SSL certificate when
creating the file to store the certificate in. Due to a lack of checks in
aes_security.rb this allows arbitrary files to be created.
Discussion:
A planned disclosure date, Tuesday, July 15, 2014, at 14:30 UTC has been set, please note that this may change.
---
Created attachment 916998
mcollective-2.5.2-flaw-in-aes_security.patch
---
Statement:
Red Hat OpenShift Enterprise 2 is now in Production 1 Phase of the support and maintenance life cycle. This has been