PT-2017-3501 · Cobbler+2 · Cobbler+2

0Xabe-Io · Published 2017-10-19 · Updated 2024-06-15 · CVE-2017-1000469

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cobbler versions up to 2.8.2

Description

The add repo component of the Cobbler network installation server does not sanitize data, which a remote attacker can exploit to execute arbitrary code with root privileges.

Recommendations

For Cobbler versions up to 2.8.2, update to a version that contains a fix for this issue to prevent arbitrary code execution as the root user.

Exploit

Fix

RCE

Command Injection


Weakness Enumeration

Related identifiers

BDU:2018-00330
CVE-2017-1000469
GHSA-96HW-V598-JVGH
OPENSUSE-SU-2018_1770-1
OPENSUSE-SU-2021:0046-1
OPENSUSE-SU-2021:0058-1
OPENSUSE-SU-2021_0046-1
OPENSUSE-SU-2024:10690-1
SUSE-SU-2018:1736-1
SUSE-SU-2018:1741-1
SUSE-SU-2018:1751-1
SUSE-SU-2018_1741-1
USN-6475-1

Affected products

Cobbler
Suse
Ubuntu