CVE-2012-2395
Published: 16 June 2012
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
Notes
Author | Note |
---|---|
jdstrand | maas-provision in 12.04 is a code copy of cobbler, but with reduced features and usage. Only the portions of maas-provision specifically used by maas will recieve official support maas in 12.10 as of 0.1+bzr971+dfsg-0ubuntu1 no longer depends on maas-provision and maas-provision has moved to universe. 12.04 should also receive this update for maas, so deferring for now. maas-provision removed from 12.10 before release power functionality is blocked by the AppArmor profile in maas-provision on 12.04 LTS, so this vulnerability is mitigated. This was tested by modifying /usr/share/pyshared/cobbler/utils.py to remove the check for invalid characters, then getting a system name with 'sudo cobbler list' then doing something like: $ sudo cobbler system edit --name node-457f02f2-3fe6-11e2-a048-525400209fb8 \ --power-type ether_wake \ --power-user Admin --power-pass PASSWORD \ --power-address 'AA:BB:CC:DD:EE:FF" ; /usr/bin/touch /gotcha ; "' $ sudo cobbler system poweron --name=node-457f02f2-3fe6-11e2-a048-525400209fb8 |
Priority
Status
Package | Release | Status |
---|---|---|
cobbler Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Does not exist
|
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [2.4.1-0ubuntu2])
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(2.4.1-0ubuntu2)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
Patches: other: https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf |
||
maas-provision Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Ignored
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
This vulnerability is mitigated in part by an AppArmor profile. |