Launchpad.net

CVE 2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

Related bugs and status

CVE-2014-3248 (Candidate) is related to these bugs:

Bug #1470417: hiera: code execution from the current directory

		In	Importance	Status
1470417	hiera: code execution from the current directory	Fuel for OpenStack	Medium	Triaged
1470417	hiera: code execution from the current directory	Fuel for OpenStack 8.0.x	Medium	Won't Fix
1470417	hiera: code execution from the current directory	Fuel for OpenStack mitaka	Medium	Triaged

See the

CVE page on Mitre.org for more details.

References

MISC: http://rowediness.com/...
CONFIRM: http://puppetlabs.com/...
BID: 68035
SECUNIA: 59197
SECUNIA: 59200