Candidate: CVE-2014-3251
PublicDate: 2014-08-12 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3251
 http://secunia.com/advisories/60066
 http://secunia.com/advisories/59356
 http://puppetlabs.com/security/cve/cve-2014-3251
Description:
 The MCollective aes_security plugin, as used in Puppet Enterprise before
 3.3.0 and Mcollective before 2.5.3, does not properly validate new server
 certificates based on the CA certificate, which allows local users to
 establish unauthorized Mcollective connections via unspecified vectors
 related to a race condition.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Mark Chappell
Assigned-to:
CVSS: 

Patches_mcollective:
upstream_mcollective: released (2.3.5)
lucid_mcollective: DNE
precise_mcollective: ignored (reached end-of-life)
precise/esm_mcollective: DNE (precise was needed)
trusty_mcollective: ignored (reached end-of-life)
trusty/esm_mcollective: DNE (trusty was needed)
utopic_mcollective: ignored (reached end-of-life)
vivid_mcollective: ignored (reached end-of-life)
vivid/stable-phone-overlay_mcollective: DNE
vivid/ubuntu-core_mcollective: DNE
wily_mcollective: ignored (reached end-of-life)
xenial_mcollective: not-affected
yakkety_mcollective: ignored (reached end-of-life)
zesty_mcollective: ignored (reached end-of-life)
artful_mcollective: ignored (reached end-of-life)
bionic_mcollective: not-affected
cosmic_mcollective: not-affected
disco_mcollective: not-affected
devel_mcollective: not-affected