====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN159
_____________________________________________________________________

DATE                : 29/05/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Puppet versions prior to 4.10.1,
                        Puppet Agent versions prior to 1.10.1,
                Puppet Enterprise versions prior to 2016.4.5, 2017.2.1.

=====================================================================
https://puppet.com/security/cve/cve-2017-2295
____________________________________________________________________


CVE-2017-2295 - Puppet Server Remote Code Execution Via YAML Deserialization


Overview

Puppet Server Remote Code Execution Via YAML Deserialization

    Posted May 11, 2017
    Assessed Risk Level: High
    CVSS: 8.2


Versions of Puppet prior to 4.10.1 will deserialize data off the wire
(from the agent to the server, in this case) with a attacker-specified
format. This could be used to force YAML deserialization in an unsafe
manner, which would lead to remote code execution. This change
constrains the format of data on the wire to PSON or safely decoded
YAML.

This vulnerability was found by an internal audit at Puppet.
Status:

Affected Software Versions:

    Puppet prior to 4.10.1
    Puppet Agent prior to 1.10.1
    Puppet Enterprise prior to 2016.4.5
    Puppet Enterprise 2016.5.x
    Puppet Enterprise 2017.1.x

Resolved in:

    Puppet 4.10.1
    Puppet Agent 1.10.1
    Puppet Enterprise 2016.4.5
    Puppet Enterprise 2017.2.1



==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================