
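Puppet 3.2.2/2.7.22 emergency release, system management tool

Published: 2013-06-20 09:00:35 | Source: 红联 | Author: empast
Puppet is a Ruby-based tool for centrally managing every important aspect of a system. It uses a cross-platform specification language to manage all the separate elements that are normally aggregated in different files, such as users, cron jobs, and hosts, along with discrete elements such as packages, services, and files.

Puppet's simple declarative specification language provides powerful classing abilities for expressing the similarities between hosts while still allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly.

Emergency release of the 3.2.2/2.7.22 final versions (2013-06-19). The previous version was 3.2.1 of 2013-05-23. This release fixes only one security vulnerability: CVE-2013-3567, Unauthenticated Remote Code Execution Vulnerability.

Details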

CVE-2013-3567 Unauthenticated Remote Code Execution Vulnerability.

A critical vulnerability was found in puppet wherein it was possible for the puppet master to take YAML from an untrusted client via the REST API. This YAML could be deserialized to construct an object containing arbitrary code.
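
An added illustration of the defensive side of the flaw described above (not Puppet's patch and not code from the original article): inspect untrusted YAML without instantiating anything, reject documents that carry non-core tags such as `!ruby/object:`, and load the rest with `YAML.safe_load`. The `Report` tag, the host name and the helper names are constructed for this example.

```ruby
require 'yaml'

# Constructed sample request bodies, standing in for what a client might send.
PLAIN_BODY  = "---\nhost: agent01.example.test\nstatus: changed\n"
TAGGED_BODY = "--- !ruby/object:Report\nhost: agent01.example.test\n"

CORE_TAG_PREFIX = 'tag:yaml.org,2002:'

# Walk the parsed YAML tree (no Ruby objects are built at this stage) and
# return every explicit tag outside the YAML core schema.
def foreign_tags(body)
  Psych.parse_stream(body).each_with_object([]) do |node, tags|
    tag = node.respond_to?(:tag) ? node.tag : nil
    tags << tag if tag && !tag.start_with?(CORE_TAG_PREFIX)
  end.uniq
end

# safe_load on its own also refuses object tags: it only builds plain data
# (strings, numbers, arrays, hashes, ...) unless classes are explicitly allowed.
def safe_load_refuses?(body)
  YAML.safe_load(body)
  false
rescue Psych::DisallowedClass
  true
end

# Deserialize untrusted YAML into plain data only.
# Returns [data, nil] on success or [nil, reason] when the body is rejected,
# so the caller has a reason string to log.
def load_untrusted(body)
  tags = foreign_tags(body)
  return [nil, "rejected tags: #{tags.join(', ')}"] unless tags.empty?
  [YAML.safe_load(body), nil]
rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError => e
  [nil, "#{e.class}: #{e.message}"]
end

if __FILE__ == $PROGRAM_NAME
  [PLAIN_BODY, TAGGED_BODY].each do |body|
    data, reason = load_untrusted(body)
    puts(reason ? "REJECT #{reason}" : "ACCEPT #{data.inspect}")
  end
end
```

The tag scan gives a loggable rejection reason before any loader runs; `YAML.safe_load` remains the control that actually prevents object construction.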

Download: http://downloads.puppetlabs.com/puppet/puppet-3.2.2.tar.gz

http://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz

From: 开源中国社区 (Open Source China community)