CVE-2012-2395
Published: 16 June 2012
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
Notes
| Author | Note |
|---|---|
| jdstrand | maas-provision in 12.04 is a code copy of cobbler, but with reduced features and usage. Only the portions of maas-provision specifically used by maas will recieve official support maas in 12.10 as of 0.1+bzr971+dfsg-0ubuntu1 no longer depends on maas-provision and maas-provision has moved to universe. 12.04 should also receive this update for maas, so deferring for now. maas-provision removed from 12.10 before release power functionality is blocked by the AppArmor profile in maas-provision on 12.04 LTS, so this vulnerability is mitigated. This was tested by modifying /usr/share/pyshared/cobbler/utils.py to remove the check for invalid characters, then getting a system name with 'sudo cobbler list' then doing something like: $ sudo cobbler system edit --name node-457f02f2-3fe6-11e2-a048-525400209fb8 \ --power-type ether_wake \ --power-user Admin --power-pass PASSWORD \ --power-address 'AA:BB:CC:DD:EE:FF" ; /usr/bin/touch /gotcha ; "' $ sudo cobbler system poweron --name=node-457f02f2-3fe6-11e2-a048-525400209fb8 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cobbler Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Does not exist
|
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was not-affected [2.4.1-0ubuntu2])
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(2.4.1-0ubuntu2)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
|
|
Patches: other: https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf |
||
|
maas-provision Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Ignored
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| This vulnerability is mitigated in part by an AppArmor profile. | ||