Cobbler Multiple Security Vulnerabilities
BID:53002
Info
| Bugtraq ID: | 53002 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 12 2012 12:00AM |
| Updated: | Apr 12 2012 12:00AM |
| Credit: | David Black and spamaps |
| Vulnerable: | Cobbler Cobbler 2.0.4, Cobbler Cobbler 2.0.3 |
| Not Vulnerable: | |
Discussion
Cobbler is prone to a local privilege-escalation vulnerability, a cross-site request-forgery vulnerability and a remote code-execution vulnerability.
Attackers can leverage these issues to gain elevated privileges, execute arbitrary code or perform unauthorized actions on behalf of legitimate users. Successfully exploiting the privilege-escalation issue will result in the complete compromise of affected computers.
Exploit / POC
An attacker can exploit these issues using readily available tools. To exploit the cross-site request-forgery issue, the attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- a some what odd configuration in cobbler.wsgi (David Black)
- Cobbler Homepage (Cobbler)
- cobbler.wsgi sets unsafe PYTHON_EGG_CACHE (spamaps)
- lack of csrf protection in cobbler-web (David Black)