Displaying 1 result from an estimated 1 matches for "c34e20b7904b66ea97328f1a3846a848".
2010 Dec 01
0
SECURITY: Authorization vulnerability in Puppet 2.6.x
...to address this issue. Adding an
auth.conf configuration file if one is not present in your environment
will also provide protection from this issue.
$ cd /etc/puppet
$ wget --no-check-certificate
https://github.com/puppetlabs/puppet/raw/2.6.x/conf/auth.conf
The checksum of this file should be: c34e20b7904b66ea97328f1a3846a848
Detail
------
If a given node or server is missing an auth.conf file in /etc/puppet,
they may be vulnerable to information disclosure or resource
manipulation from authenticated Puppet nodes. In both cases the scope is
limited to the privileges of the remote Puppet process.
Minimum conditions fo...