PT-2014-2182 · Cobbler+1 · Cobbler+1

David · Published 2014-10-27 · Updated 2024-06-15 · CVE-2011-4953

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: cobbler versions prior to 2.2.2

Description: The issue allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet. This is due to a problem in the set_mgmt_parameters function in item.py.

Recommendations: For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider modifying the set_mgmt_parameters function to use yaml.safe_load instead of yaml.load until a patch is available. Restrict access to the item.py module to minimize the risk of exploitation.
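
The workaround above, sketched as an added example (not Cobbler's code and not part of the original advisory). It assumes PyYAML is installed; the helper name parse_mgmt_parameters, the error class and the sample documents are hypothetical and constructed for illustration.

```python
import yaml  # PyYAML (third-party); assumed to be installed


class MgmtParameterError(ValueError):
    """Raised when submitted management parameters are rejected."""


def parse_mgmt_parameters(text):
    """Parse operator-supplied YAML into a plain dict, or raise.

    Hypothetical helper, not Cobbler's set_mgmt_parameters. It applies the
    advisory's workaround: yaml.safe_load builds only plain data types and
    refuses tags that would construct arbitrary Python objects.
    """
    if not isinstance(text, str):
        raise MgmtParameterError("parameters must be submitted as YAML text")
    if text.strip() == "":
        return {}
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        # Covers syntax errors and the ConstructorError raised for refused tags.
        raise MgmtParameterError("rejected YAML: %s" % type(exc).__name__) from exc
    if not isinstance(data, dict):
        raise MgmtParameterError("top level must be a mapping")
    return data


# Constructed sample inputs: a plain mapping, and a document carrying a
# harmless Python-specific tag of the kind safe_load refuses to construct.
BENIGN = "ntp_server: 10.0.0.1\nroles:\n  - web\n  - db\n"
TAGGED = "ntp_server: !!python/name:builtins.len\n"


def check(text):
    """Return 'accepted' or the rejection message for one input."""
    try:
        parse_mgmt_parameters(text)
        return "accepted"
    except MgmtParameterError as exc:
        return str(exc)


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("tagged", TAGGED)):
        print(label, "->", check(sample))
```

Rejections from this helper are worth logging: a Python-specific tag in a field that should hold plain settings is a useful detection signal.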

Fix

Code Injection

RCE

Weakness Enumeration

Related identifiers

CVE-2011-4953
GHSA-HPJ3-5P46-G87W
OPENSUSE-SU-2021:0046-1
OPENSUSE-SU-2021:0058-1
OPENSUSE-SU-2021_0046-1
OPENSUSE-SU-2024:10690-1
OPENSUSE-SU-2024:10897-1

Affected products

Suse
Cobbler