Cobbler Remote Command Injection Vulnerability
BID:53666
Info
| Bugtraq ID: | 53666 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-2395 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2012 12:00AM |
| Updated: | Jul 09 2012 07:30PM |
| Credit: | David Black |
| Vulnerable: | SuSE openSUSE 12.1; SuSE openSUSE 11.4; Red Hat Network Satellite Server (for RHEL 6) 5.4; Red Hat Network Satellite Server (for RHEL 5) 5.4; Cobbler Cobbler 0 |
| Not Vulnerable: | |
Discussion
Cobbler is prone to a remote command-injection vulnerability.
Attackers can exploit this issue to execute arbitrary commands in the context of the affected application.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Cobbler Homepage (Cobbler)
- command injection on the host via the xmlrpc api (Ubuntu)
- command injection on the host via the xmlrpc api (GitHub)
- Merge pull request #164 from jimi1283/powerpipe (GitHub)