CVE-2008-6954
EPSS 1.6%Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
Published: 5/17/2022Modified: 12/6/2024
Description
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
Affected packages (1)
- PyPI/cobblerfrom 0, < 1.2.9
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2008-6954
- PATCHhttps://github.com/cobbler/cobbler
- WEBhttp://freshmeat.net/projects/cobbler/releases/288374
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/46625
- WEBhttps://web.archive.org/web/20111227125913/http://secunia.com/advisories/32804
- WEBhttps://web.archive.org/web/20111227151912/http://secunia.com/advisories/32737
- WEBhttps://web.archive.org/web/20200228143518/http://www.securityfocus.com/bid/32317
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html