  1. Puppet Agent
  2. PA-2066

pxp-agent attempts to configure OpenSSL from uncontrolled location


Details

    • Bolt
    • CVE-2018-6515
    • Bolt Kanban
    • Needs Assessment
    • Security Fix
    • Addresses CVE-2018-6515: an issue that allowed a lower privilege user to create an openssl.cnf that would be read by pxp-agent on startup has been fixed.
    • Needs Assessment

    Description

      On startup, pxp-agent attempts to configure OpenSSL from C:\ProgramFiles64Folder\PuppetLabs\Puppet\puppet\ssl\openssl.cnf. This happens as part of initializing libcurl for downloading tasks. The location it loads from is hard-coded when we build OpenSSL.

      We should be able to control where it loads from by setting OPENSSL_CONF in the registry config for pxp-agent/NSSM.
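The following PowerShell audit is an added example, not code from this ticket or from Puppet. It reports which openssl.cnf the service would load and whether any non-administrative principal holds write rights on that path or on its nearest existing ancestor. It assumes the service is registered under NSSM as `pxp-agent` and that NSSM's `AppEnvironmentExtra` registry value carries the environment override; the default path is the one quoted in the description.

```powershell
param(
    [string]$ServiceName = 'pxp-agent',   # assumed NSSM service name
    # Compiled-in default as quoted in the ticket; replace with the path on your build.
    [string]$DefaultConf = 'C:\ProgramFiles64Folder\PuppetLabs\Puppet\puppet\ssl\openssl.cnf'
)

# 1. Look for an OPENSSL_CONF override in the NSSM service environment.
$key      = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
$envExtra = @((Get-ItemProperty -Path $key -Name AppEnvironmentExtra -ErrorAction SilentlyContinue).AppEnvironmentExtra)
$override = $envExtra | Where-Object { $_ -like 'OPENSSL_CONF=*' } | Select-Object -First 1
$confPath = if ($override) { $override.Substring('OPENSSL_CONF='.Length) } else { $DefaultConf }

# 2. Walk up to the nearest existing item: if the file or its folders are
#    missing, whoever can write to that ancestor can create the rest.
$probe = $confPath
while ($probe -and -not (Test-Path -LiteralPath $probe)) {
    $probe = Split-Path -Path $probe -Parent
}

# 3. Flag Allow ACEs that grant write-type rights to principals outside the
#    trusted set. ACEs expressed as generic rights are not decoded here.
$trusted   = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$risky = @()
if ($probe) {
    $risky = @((Get-Acl -LiteralPath $probe).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    })
}

[pscustomobject]@{
    ConfigSource    = if ($override) { 'NSSM AppEnvironmentExtra' } else { 'compiled-in default' }
    ConfigPath      = $confPath
    NearestExisting = $probe
    NonAdminWriters = ($risky | ForEach-Object { "$($_.IdentityReference) [$($_.FileSystemRights)]" }) -join '; '
}
```

An empty `NonAdminWriters` with `ConfigSource` set to the NSSM value is the state the ticket asks for; the same ACL check applies to whatever path the override points at.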


          People

            Unassigned Unassigned
            michael.smith Michael Smith