CVE-2012-1987 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-1987 Interim 1 13 2023-05-14T01:09:27Z current 2021-05-30T13:03:17Z 2023-05-14T01:09:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-1987 Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2012-June/000153.html E-Mail link for SUSE-SU-2012:0771-1 https://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html E-Mail link for openSUSE-SU-2012:0608-1 https://lists.opensuse.org/opensuse-updates/2012-07/msg00015.html E-Mail link for openSUSE-SU-2012:0835-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 puppet-2.6.12-0.14.1 puppet-2.6.18-0.4.2 puppet-2.7.26-0.5.1 puppet-server-2.6.12-0.14.1 puppet-server-2.6.18-0.4.2 puppet-server-2.7.26-0.5.1 pwdutils-3.2.8-0.2.35 puppet-2.6.12-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA puppet-server-2.6.12-0.14.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA pwdutils-3.2.8-0.2.35 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA puppet-2.6.18-0.4.2 as a component of SUSE Linux Enterprise Server 11 SP3 puppet-server-2.6.18-0.4.2 as a component of SUSE Linux Enterprise Server 11 SP3 puppet-2.7.26-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP4 puppet-server-2.7.26-0.5.1 as a component of SUSE Linux Enterprise Server 11 SP4 Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. CVE-2012-1987 SUSE Linux Enterprise Server 11 SP1-TERADATA:puppet-2.6.12-0.14.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:puppet-server-2.6.12-0.14.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:pwdutils-3.2.8-0.2.35 SUSE Linux Enterprise Server 11 SP3:puppet-2.6.18-0.4.2 SUSE Linux Enterprise Server 11 SP3:puppet-server-2.6.18-0.4.2 SUSE Linux Enterprise Server 11 SP4:puppet-2.7.26-0.5.1 SUSE Linux Enterprise Server 11 SP4:puppet-server-2.7.26-0.5.1 low 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P