CVE-2008-6954

Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 1.2.9

Description: The issue allows remote authenticated users to execute arbitrary Python code with root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules. This can be done through the web interface, CobblerWeb.

Recommendations: For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cheetah kickstart template editing feature in CobblerWeb to minimize the risk of exploitation.