Cobbler versions 2.6.0 and below suffer from an arbitrary file read vulnerability.
497ed8c35ababfe7320d0530b3d28ddb9cfc0de530e9750bb755847db44423a6Red Hat Security Advisory 2018-2372-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. Cobbler has a XMLRPC API for integration with other applications. Issues addressed include a method disclosure vulnerability.
5e102b6d7009188abe113a563bfde8a621677eef7808d531c0f59470391d2215Cobbler versions 2.4.x through 2.6.x suffer from a local file inclusion vulnerability.
2e95e8c1d7b784a8a867b18e9c0497e669454dba4841fb5be6e965abdc4b7b32Red Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.
a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0bSecunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
9b2b777076f0077659ec329d9c211e8f33c419c5815f5bc8b059ee6bee3fb43cSecunia Security Advisory - SUSE has issued an update for cobbler. This fixes a security issue and two vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, by malicious users to compromise a vulnerable system, and by malicious people to conduct cross-site request forgery attacks.
0cdee108aa0d0563cc352478ace6570a3993063983f8d7ed2ff02596fc42de88Secunia Security Advisory - A security issue and two vulnerabilities have been reported in Cobbler, which can be exploited by malicious, local users to perform certain actions with escalated privileges, by malicious users to compromise a vulnerable system, and by malicious people to conduct cross-site request forgery attacks.
7bc5cf3271baf05f646adb22b7aa7af0afdec7693e33a4db833ce05d28150f37Secunia Security Advisory - A weakness has been reported in Cobbler, which can be exploited by malicious, local users to manipulate certain data.
3586e44cf2d9a36d0f3099b0364d2500198c689fef49d3b60cdca093e2f62777Secunia Security Advisory - Red Hat has issued an update for cobbler. This fixes a vulnerability, which can be exploited by malicious users to gain escalated privileges.
03fddd23db68259bf18767470c47ef25cd708f6866554cd686db6f676cfa1bd7Secunia Security Advisory - Fedora has issued an update for cobbler. This fixes a vulnerability, which can be exploited by malicious users to gain escalated privileges.
f39f10ba6c7c45c87e968ac7db2f22f6a6e3b00ed3adfecd0a460821bfda453cSecunia Security Advisory - A vulnerability has been reported in Cobbler, which can be exploited by malicious users to gain escalated privileges.
e0818a00eac0a6118d740a248ead98a9d30b29d1f130d8c571be0d15c1a1f74c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed