CVE-2013-1654

Severity

50%

Complexity

99%

Confidentiality

48%

Per http://www.ubuntu.com/usn/usn-1759-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 "

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

Per http://www.ubuntu.com/usn/usn-1759-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 "

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported 11 years ago

2013-03-20 16:55:00

Last updated 5 years ago

2019-07-10 17:47:00

Affected Software

Puppet Puppet 2.7.2

2.7.2

Puppet Puppet 2.7.3

2.7.3

Puppet Puppet 2.7.4

2.7.4

Puppet Puppet 2.7.5

2.7.5

Puppet Puppet 2.7.6

2.7.6

Puppet Puppet 2.7.7

2.7.7

Puppet Puppet 2.7.8

2.7.8

Puppet Puppet 2.7.9

2.7.9

Puppet 2.7.10

2.7.10

Puppet 2.7.11

2.7.11

Puppet 2.7.12

2.7.12

Puppet 2.7.13

2.7.13

Puppet 2.7.14

2.7.14

Puppet 2.7.16

2.7.16

Puppet 2.7.17

2.7.17

Puppet 2.7.18

2.7.18

Puppetlabs Puppet 2.7.0

2.7.0

Puppetlabs Puppet 2.7.1

2.7.1

Puppet Enterprise 3.1.0

3.1.0

Canonical Ubuntu Linux 11.10

11.10

Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)

12.04

Canonical Ubuntu Linux 12.10

12.10

References

SUSE-SU-2013:0618

openSUSE-SU-2013:0641

RHSA-2013:0710

52596

Vendor Advisory

USN-1759-1

DSA-2643

64758

https://puppetlabs.com/security/cve/cve-2013-1654/