Summary
| Detail | |||
|---|---|---|---|
| Vendor | Michael Dehaan | First view | 2009-08-12 |
| Product | Cobbler | Last view | 2010-12-09 |
| Version | 1.2.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:michael_dehaan:cobbler | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2010-12-09 | CVE-2010-4512 | Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. |
| 8.5 | 2010-12-09 | CVE-2010-2235 | template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954. |
| 7.5 | 2010-12-09 | CVE-2009-5021 | Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. |
| 9 | 2009-08-12 | CVE-2008-6954 | The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 25% (1) | CWE-255 | Credentials Management |
| 25% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 69750 | Cobbler umask Value Weakness Unspecified Local Issue |
| 69700 | Cobbler Installation Default Password |
| 68883 | Cobbler on Red Hat template_api.py Kickstart Template File Arbitrary Code Exe... |
| 50291 | Cobbler Web Interface Kickstart Template Manipulation Privilege Escalation |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-02-17 | Name : Fedora Update for cobbler FEDORA-2008-9723 File : nvt/gb_fedora_2008_9723_cobbler_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for cobbler FEDORA-2008-9745 File : nvt/gb_fedora_2008_9745_cobbler_fc9.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-10-18 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2010-0775.nasl - Type: ACT_GATHER_INFO |
| 2008-11-21 | Name: The remote Fedora host is missing a security update. File: fedora_2008-9723.nasl - Type: ACT_GATHER_INFO |
| 2008-11-21 | Name: The remote Fedora host is missing a security update. File: fedora_2008-9745.nasl - Type: ACT_GATHER_INFO |
