{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2012-08-06T16:00:00.000Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://puppetlabs.com/security/cve/cve-2012-3408/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.457Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://puppetlabs.com/security/cve/cve-2012-3408/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3408", "state": "PUBLISHED", "dateReserved": "2012-06-14T00:00:00.000Z", "datePublished": "2012-08-06T16:00:00.000Z", "dateUpdated": "2024-08-06T20:05:12.457Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "346F9C04-73F0-4244-9086-C16C981C92D1", "versionEndExcluding": "2.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*", "matchCriteriaId": "05782A68-DC7C-49D0-847A-F64A5C9F7DDB", "versionEndExcluding": "2.7.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address."}, {"lang": "es", "value": "lib/puppet/network/authstore.rb en Puppet anterior a v2.7.18, y Puppet Enterprise anterior a v2.5.2, compatible con el uso de direcciones IP en certnames sin previo aviso de los riesgos potenciales, podr\u00edan permitir a atacantes remotos falsificar un agente mediante la adquisici\u00f3n de una direcci\u00f3n IP previamente utilizada."}], "id": "CVE-2012-3408", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-06T16:55:05.133", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-3408/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-3408/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "puppet: possible host impersonation when using certificates issues for IP address", "id": "839166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address."], "name": "CVE-2012-3408", "package_state": [{"cpe": "cpe:/a:cloudforms_tools:1", "fix_state": "Affected", "package_name": "puppet", "product_name": "Red Hat CloudForms Tools 1"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Will not fix", "package_name": "puppet", "product_name": "Red Hat Enterprise MRG 1"}], "public_date": "2012-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3408\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3408\nhttp://puppetlabs.com/security/cve/cve-2012-3408/"], "threat_severity": "Low"}

{}