PT-2017-3501 · Cobbler+2
0Xabe-Io · Published 2017-10-19 · Updated 2024-06-15
CVE-2017-1000469
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cobbler versions up to 2.8.2
Description
The issue is related to the lack of data sanitization in the add repo component of the Cobbler network installation server, which can be exploited by a remote attacker to execute arbitrary code with root privileges.
Recommendations
For Cobbler versions up to 2.8.2, update to a version that contains a fix for this issue to prevent arbitrary code execution as the root user.
Exploit
Fix
RCE
Command Injection
Related Identifiers
Affected Products
Cobbler
Suse
Ubuntu