Cobbler Web Interface Privilege Escalation Vulnerability

Report ID: SA32737
Source: Secunia
Date of Discovery: 17.11.2008
Criticality: Negligible
Affects:
Cobbler 1.x

Compromise From: From remote
Compromise Type: Privilege escalation

Summary

A vulnerability has been reported in Cobbler, which can be exploited by malicious users to gain escalated privileges.

Detailed Description

The vulnerability is caused by the Cobbler Web Interface allowing users to edit kickstart templates, which can be imported as Python modules via Cheetah to execute arbitrary Python code as the root user.

Successful exploitation requires access to the Cobbler Web Interface.

The vulnerability is reported in versions prior to 1.2.9.
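For auditing templates that were editable through the web interface, the following added example (not part of the advisory and not Cobbler's own code) lists Cheetah `#import` / `#from` directives in kickstart template text that name modules outside an allowlist. The allowlist contents, the function names and the sample template are assumptions made for illustration; the check is deliberately conservative and also flags directives that appear inside comments.

```python
import re

# Hypothetical policy: modules a kickstart template is allowed to import.
ALLOWED_MODULES = frozenset({"random", "re", "time"})

# Cheetah import directives: "#import a, b as c" and "#from a import b".
_DIRECTIVE = re.compile(r"#(import|from)\s+([^\n#]+)")


def imported_modules(line):
    """Return the module names referenced by import directives on one line."""
    modules = []
    for kind, rest in _DIRECTIVE.findall(line):
        if kind == "from":
            words = rest.split()
            if words:
                modules.append(words[0])
        else:
            for part in rest.split(","):
                words = part.split()
                if words:
                    modules.append(words[0])  # drops any "as alias" suffix
    return modules


def audit_template(text, allowed=ALLOWED_MODULES):
    """Return (line_number, module) for every import outside the allowlist."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for module in imported_modules(line):
            if module not in allowed:
                findings.append((lineno, module))
    return findings


# Constructed sample template, not taken from a real Cobbler installation.
SAMPLE = """\
#import time
install
url --url=$tree
#from os import path
#import re, subprocess as sp
%packages
"""

if __name__ == "__main__":
    for lineno, module in audit_template(SAMPLE):
        print("line %d: template imports non-allowlisted module %r" % (lineno, module))
```

Any finding in a template that predates the update to 1.2.9 is worth reviewing together with the web interface's access logs for the account that last edited it.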

Solution

Update to version 1.2.9.