On 10/24/2011 04:02 PM, Michael Stahnke wrote:
> We have discovered a security vulnerability (“AltNames Vulnerability”)
> whereby a malicious attacker can impersonate the Puppet master using
> credentials from a Puppet agent node. This vulnerability cannot cross
> Puppet deployments, but it can allow an attacker with elevated
> privileges on one Puppet-managed node to gain control of any other
> Puppet-managed node within the same infrastructure.
>
> All Puppet Enterprise deployments are vulnerable, and Puppet open
> source deployments may be, depending upon their site configuration.

As far as my understanding goes, I *should* be affected by this CVE, but don't appear to be. I'm:

* running puppet 0.25.5 (nginx/mongrel)
* I use certdnsnames to specify alternative names in my [puppetmaster] section of my puppet.conf
* all my nodes connect to one of the alternative names in their [puppet] section's "server" line

I only write the [puppetmaster] section in the puppet.conf file on my puppet master server; are the subjectAltNames only added to the certificate request if the config is present on the client nodes?

-Doug
