| Name | CVE-2018-6508 |
| Description | Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| NVD severity | medium (attack range: remote) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| puppet-module-puppetlabs-apache (PTS) | jessie | 1.1.1-1 | vulnerable |
| stretch | 1.10.0-1 | vulnerable | |
| buster, sid | 3.4.0-1 | vulnerable | |
| puppet-module-puppetlabs-apt (PTS) | jessie | 1.4.2-1 | vulnerable |
| stretch | 2.3.0-1 | vulnerable | |
| buster, sid | 6.1.1-1 | vulnerable | |
| puppet-module-puppetlabs-mysql (PTS) | jessie | 2.3.1-1 | vulnerable |
| stretch | 3.10.0-1 | vulnerable | |
| buster, sid | 5.3.0-1 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| puppet-module-puppetlabs-apache | source | (unstable) | (unfixed) | unimportant | ||
| puppet-module-puppetlabs-apt | source | (unstable) | (unfixed) | unimportant | ||
| puppet-module-puppetlabs-mysql | source | (unstable) | (unfixed) | unimportant |
https://puppet.com/security/cve/CVE-2018-6508
Issue in various puppet modules: facter_task, puppet_conf, apt, apache and mysql modules
https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c
https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b
https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc
https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef
https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c
This is only exploitable with Puppet Tasks, which aren't packaged/available in Debian