SecuritySpace - CVE-2014-3251

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-3251

Description: The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-3251
http://www.osvdb.org/109257
http://secunia.com/advisories/59356
http://secunia.com/advisories/60066

CVE ID:	CVE-2014-3251
Description:	The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3251 http://www.osvdb.org/109257 http://secunia.com/advisories/59356 http://secunia.com/advisories/60066