FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

puppet-agent MCollective plugin -- Remote Code Execution vulnerability

Affected packages
mcollective-puppet-agent < 1.11.1

Details

VuXML ID df502a2f-61f6-11e6-a461-643150d3111d
Discovery 2016-08-09
Entry 2016-08-15

Puppet reports:

Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the `--server` argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. The puppet-agent MCollective version included in PE 2016.2.1, this option is disabled by default.

[source]

References

CVE Name CVE-2015-7331
URL https://puppet.com/security/cve/cve-2015-7331

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.