ID FEDORA:D364460C37D9 Type fedora Reporter Fedora Modified 2018-06-20T14:49:09
Description
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors, kickstart templating, integrated yum mirroring, and built-in DHCP/DNS Management. Cobbler has a XMLRPC API for integration with other applications.
{"id": "FEDORA:D364460C37D9", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 28 Update: cobbler-2.8.3-2.fc28", "description": "Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors, kickstart templating, integrated yum mirroring, and built-in DHCP/DNS Management. Cobbler has a XMLRPC API for integration with other applications. ", "published": "2018-06-20T14:49:09", "modified": "2018-06-20T14:49:09", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2017-1000469"], "lastseen": "2020-12-21T08:17:54", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-1000469"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-46.NASL", "OPENSUSE-2018-655.NASL", "FEDORA_2018-52EE188215.NASL", "SUSE_SU-2018-1741-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:26305610FA6A"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874715", "OPENVAS:1361412562310874717", "OPENVAS:1361412562310851794"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1770-1"]}], "modified": "2020-12-21T08:17:54", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-12-21T08:17:54", "rev": 2}, "vulnersScore": 5.9}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "28", "arch": "any", "packageName": "cobbler", "packageVersion": "2.8.3", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2021-02-02T06:36:31", "description": "Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the \"add repo\" component resulting in arbitrary code execution as root user.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-03T20:29:00", "title": "CVE-2017-1000469", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000469"], "modified": "2018-01-17T15:42:00", "cpe": ["cpe:/a:cobbler_project:cobbler:2.8.2"], "id": "CVE-2017-1000469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000469", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:cobbler_project:cobbler:2.8.2:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2018-06-21T13:12:57", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000469"], "description": "This update for cobbler fixes the following issues:\n\n The following security issue has been fixed:\n\n - CVE-2017-1000469: Escape shell parameters provided by the user for the\n reposync action. (bsc#1074594)\n\n Additionally, the following non-security issues have been fixed:\n\n - Fix signature for SLES15. (bsc#1075014)\n - Detect if there is already another instance of "cobbler sync" running\n and exit with failure if so. (bsc#1081714)\n - Add SLES 15 distro profile. (bsc#1090205)\n - Require tftp(server) instead of atftp.\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-06-21T12:07:52", "published": "2018-06-21T12:07:52", "id": "OPENSUSE-SU-2018:1770-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00039.html", "title": "Security update for cobbler (moderate)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T12:38:19", "description": "This update for cobbler fixes the following issues :\n\nThe following security issue has been fixed :\n\n - CVE-2017-1000469: Escape shell parameters provided by\n the user for the reposync action. (bsc#1074594)\n\nAdditionally, the following non-security issues have been fixed :\n\n - Fix signature for SLES15. (bsc#1075014)\n\n - Detect if there is already another instance of 'cobbler\n sync' running and exit with failure if so. (bsc#1081714)\n\n - Add SLES 15 distro profile. (bsc#1090205)\n\n - Require tftp(server) instead of atftp.\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-21T00:00:00", "title": "openSUSE Security Update : cobbler (openSUSE-2018-655)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000469"], "modified": "2018-06-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cobbler-tests", "p-cpe:/a:novell:opensuse:koan", "p-cpe:/a:novell:opensuse:cobbler", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:cobbler-web"], "id": "OPENSUSE-2018-655.NASL", "href": "https://www.tenable.com/plugins/nessus/110634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-655.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110634);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000469\");\n\n script_name(english:\"openSUSE Security Update : cobbler (openSUSE-2018-655)\");\n script_summary(english:\"Check for the openSUSE-2018-655 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for cobbler fixes the following issues :\n\nThe following security issue has been fixed :\n\n - CVE-2017-1000469: Escape shell parameters provided by\n the user for the reposync action. (bsc#1074594)\n\nAdditionally, the following non-security issues have been fixed :\n\n - Fix signature for SLES15. (bsc#1075014)\n\n - Detect if there is already another instance of 'cobbler\n sync' running and exit with failure if so. (bsc#1081714)\n\n - Add SLES 15 distro profile. (bsc#1090205)\n\n - Require tftp(server) instead of atftp.\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090205\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cobbler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cobbler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cobbler-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cobbler-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:koan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cobbler-2.6.6-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cobbler-tests-2.6.6-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"cobbler-web-2.6.6-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"koan-2.6.6-14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cobbler / cobbler-tests / cobbler-web / koan\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:18:15", "description": "Update to 2.8.3 - Fix security issue\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : cobbler (2018-52ee188215)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000469"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cobbler", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-52EE188215.NASL", "href": "https://www.tenable.com/plugins/nessus/120427", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-52ee188215.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120427);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000469\");\n script_xref(name:\"FEDORA\", value:\"2018-52ee188215\");\n\n script_name(english:\"Fedora 28 : cobbler (2018-52ee188215)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.8.3 - Fix security issue\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-52ee188215\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cobbler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cobbler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"cobbler-2.8.3-2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cobbler\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:53:25", "description": "This update for cobbler fixes the following issues :\n\n - CVE-2017-1000469: Escape shell parameters provided by\n the user for the reposync action. (bsc#1074594)\n\n - Fix for calling koan with virt_type kvm. (bsc#1090205)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-22T00:00:00", "title": "SUSE SLES11 Security Update : cobbler (SUSE-SU-2018:1741-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000469"], "modified": "2018-06-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:koan", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-1741-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1741-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110659);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000469\");\n\n script_name(english:\"SUSE SLES11 Security Update : cobbler (SUSE-SU-2018:1741-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for cobbler fixes the following issues :\n\n - CVE-2017-1000469: Escape shell parameters provided by\n the user for the reposync action. (bsc#1074594)\n\n - Fix for calling koan with virt_type kvm. (bsc#1090205)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000469/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181741-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec602375\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:zypper in -t patch\nslesctsp4-cobbler-13659=1\n\nSUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:zypper in -t patch\nslesctsp3-cobbler-13659=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:koan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"koan-2.2.2-0.68.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"koan-2.2.2-0.68.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cobbler\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-29T04:39:35", "description": "This update for cobbler fixes the following issues :\n\n - Add cobbler-tests subpackage for unit testing for\n openSUSE/SLE \n\n - Adds LoadModule definitions for openSUSE/SLE\n\n - Switch to new refactored auth module.\n\n - use systemctl to restart cobblerd on logfile rotation\n (boo#1169207) Mainline logrotate conf file uses already\n /sbin/service instead of outdated: /etc/init.d/cobblerd\n\n - Fix cobbler sync for DHCP or DNS (boo#1169553) Fixed\n mainline by commit 2d6cfe42da\n\n - Signatures file now uses 'default_autoinstall' which\n fixes import problem happening with some distributions\n (boo#1159010)\n\n - Fix for kernel and initrd detection (boo#1159010)\n\n - New :\n\n - For the distro there is now a parameter\n remote_boot_initrd and remote_boot_kernel ()\n\n - For the profile there is now a parameter filename for\n DHCP. (#2280)\n\n - Signatures for ESXi 6 and 7 (#2308)\n\n - The hardlink command is now detected more dynamically\n and thus more error resistant (#2297)\n\n - HTTPBoot will now work in some cases out of the bug.\n (#2295)\n\n - Additional DNS query for a case where the wrong record\n was queried in the nsupdate system case (#2285)\n\n - Changes :\n\n - Enabled a lot of tests, removed some and implemented\n new. (#2202)\n\n - Removed not used files from the codebase. (#2302)\n\n - Exchanged mkisofs to xorrisofs. (#2296)\n\n - Removed duplicate code. (#2224)\n\n - Removed unreachable code. (#2223)\n\n - Snippet creation and deletion now works again via\n xmlrpc. (#2244)\n\n - Replace createrepo with createrepo_c. (#2266)\n\n - Enable Kerberos through having a case sensitive\n users.conf. (#2272)\n\n - Bugfixes :\n\n - General various Bugfixes (#2331, )\n\n - Makefile usage and commands. (#2344, #2304)\n\n - Fix the dhcp template. (#2314)\n\n - Creation of the management classes and gPXE. (#2310)\n\n - Fix the scm_track module. (#2275, #2279)\n\n - Fix passing the netdevice parameter correctly to the\n linuxrc. (#2263)\n\n - powerstatus from cobbler now works thanks to a wrapper\n for ipmitool. (#2267)\n\n - In case the LDAP is used for auth, it now works with\n ADs. (#2274)\n\n - Fix passthru authentication. (#2271)\n\n - Other :\n\n - Add Codecov. (#2229)\n\n - Documentation updates. (#2333, #2326, #2305, #2249,\n #2268)\n\n - Buildprocess :\n\n - Recreation and cleanup of Grub2. (#2278)\n\n - Fix small errors for openSUSE Leap. (#2233)\n\n - Fix rpmlint errors. (#2237)\n\n - Maximum compatibility for debbuild package creation.\n (#2255, #2292, #2242, #2300)\n\n - Fixes related to our CI Pipeline (#2254, #2269)\n\n - Internal Code cleanup (#2273, #2270)\n\n - Breaking Changes :\n\n - Hash handling in users.digest file. (#2299) \n\n - Updated to version 3.1.1.\n\n - Introduce new packaging from upstream\n\n - Changelog see below\n\n - New :\n\n - We are now having a cross-distro specfile which can be\n build in the OBS (#2220) - before rewritten it was\n improved by #2144 & #2174\n\n - Grub Submenu for net-booting machines (#2217)\n\n - Building the Cent-OS RPMs in Docker (#2190 #2189)\n\n - Reintroduced manpage build in setup.py (#2185)\n\n - mgmt_parameters are now passed to the dhcp template\n (#2182)\n\n - Using the standard Pyhton3 logger instead of a custom\n one (#2160 #2139 #2151)\n\n - Script for converting the settings file from 3.0.0 to\n 3.0.1 (#2154)\n\n - Docs now inside the repo instead of cobbler.github.io\n and improved with sphinx (#2117)\n\n - Changes :\n\n - The default tftpboot directory is now /var/lib/tftpboot\n instead of previously /srv/tftpboot (#2220)\n\n - Distro signatures were adjusted where necessary (#2219\n #2134)\n\n - Removed requirements.txt and placed the requirements in\n setup.py (#2204)\n\n - Display only entries in grub which are from the same\n arch (#2191 #2216)\n\n - Change the name of the cobbler manpage form cobbler-cli\n to cobbler back and move it to section 8 (#2188 #2186)\n\n - Bugfixes :\n\n - Incremented Version to 3.1.1 from 3.0.1\n\n - S390 Support was cleaned up (#2207 #2178)\n\n - PowerPC Support was cleaned up (#2178)\n\n - Added a missing import while importing a distro with\n cobbler import (#2201)\n\n - Fixed a case where a stacktrace would be produced so\n pass none instead (#2203)\n\n - Rename of suse_kopts_textmode_overwrite to\n kops_overwrite to utils (#2143 #2200)\n\n - Fix rsync subprocess call (#2199 #2179)\n\n - Fixed an error where the template rendering did not work\n (#2176)\n\n - Fixed some cobbler import errors (#2172)\n\n - Wrong shebang in various scripts (#2148)\n\n - Fix some imports which fixes errors introduced by the\n remodularization (#2150 #2153)\n\n - Other :\n\n - Issue Templates for Github (#2187)\n\n - Update to latest git HEAD code base This version (from\n mainline so for quite a while already) also includes\n fixes for 'boo#1149075' and boo#1151875\n\n - Fix for cobbler import and buildiso (boo#1156574)\n\n - Adjusted manpage creation (needs sphinx as\n BuildRequires)\n\n - Fix cobbler sync for dhcp and dns enabled due to latest\n module renaming patches\n\n - Update to latest git HEAD\n\n - Fixes permission denied in apache2 context when trying\n to write cobbler log\n\n - Fixes a bad import in import_signature (item)\n\n - Fixes bad shebang bash path in mkgrub.sh (used in post\n section)\n\n - Now track Github master branch WARNING: This release\n contains breaking changes for your settings file! \n\n - Notable changes :\n\n - Now using standard python logger\n\n - Updated dhcpd.template \n\n - Removed fix_shebang.patch: now in upstream. \n\n - added -s parameter to fdupes call to prevent hardlink\n across partititons\n\n - Update to latest v3.0.0 cobbler release\n\n - Add previouly added patch:\n exclude_get-loaders_command.patch to the list of patches\n to apply.\n\n - Fix log file world readable (as suggested by Matthias\n Gerstner) and change file attributes via attr in spec\n file\n\n - Do not allow get-loaders command (download of\n third-party provided network boot loaders we do not\n trust)\n\n - Mainline fixes: 3172d1df9b9cc8 Add missing help text in\n redhat_management_key field c8f5490e507a72 Set default\n interface if cobbler system add has no\n\n --interface= param 31a1aa31d26c4a Remove apache\n IfVersion tags from apache configs\n\n - Integrated fixes that came in from mainline from other\n products (to calm down obs regression checker):\n CVE-2011-4953, fate#312397, boo#660126, boo#671212,\n boo#672471, boo#682665 boo#687891, boo#695955,\n boo#722443, boo#722445, boo#757062, boo#763610\n boo#783671, boo#790545, boo#796773, boo#811025,\n boo#812948, boo#842699 boo#846580, boo#869371,\n boo#884051, boo#976826, boo#984998 Some older bugs need\n boo# references as well: boo#660126, boo#671212,\n boo#672471, boo#682665 boo#687891, boo#695955,\n boo#722443, boo#722445, boo#757062, boo#763610\n boo#783671, boo#790545, boo#796773, boo#811025,\n boo#812948, boo#842699 boo#846580, boo#869371,\n boo#884051\n\n - Fix for redhat_management_key not being listed as a\n choice during profile rename (boo#1134588)\n\n - Added :\n\n - rhn-mngmnt-key-field-fix.diff\n\n - Fixes distribution detection in setup.py for SLESo\n\n - Added :\n\n -\n changes-detection-to-distro-like-for-suse-distributions.\n diff\n\n - Moving to pytest and adding Docker test integration\n\n - Added :\n\n - add-docker-integration-testing.diff\n\n - refactor-unittest-to-pytest.diff\n\n - Additional compatability changes for old Koan versions.\n\n - Modified :\n\n - renamed-methods-alias-part2.patch\n\n - Old Koan versions not only need method aliases, but also\n need compatible responses\n\n - Added :\n\n - renamed-methods-alias-part2.patch\n\n - Add the redhat_managment_* fields again to enable\n templating in SUMA.\n\n - Added :\n\n - revert-redhat-management-removal.patch \n\n - Changes return of last_modified_time RPC to float\n\n - Added :\n\n - changes-return-to-float.diff\n\n - provide old name aliases for all renamed methods :\n\n - get_distro_for_koan => get_distro_as_rendered\n\n - get_profile_for_koan => get_profile_as_rendered\n\n - get_system_for_koan => get_system_as_rendered\n\n - get_repo_for_koan => get_repo_as_rendered\n\n - get_image_for_koan => get_image_as_rendered\n\n - get_mgmtclass_for_koan => get_mgmtclass_as_rendered\n\n - get_package_for_koan => get_package_as_rendered\n\n - get_file_for_koan => get_file_as_rendered\n\n - Renamed: get_system_for_koan.patch =>\n renamed-methods-alias.patch\n\n - provide renamed method 'get_system_for_koan' under old\n name for old clients.\n\n - Added :\n\n - get_system_for_koan.patch\n\n - Bring back power_system method in the XML-RPC API\n\n - Changed lanplus option to lanplus=true in\n fence_ipmitool.template\n\n - Added :\n\n - power_system_xmlrpc_api.patch\n\n - Changed :\n\n - fence_ipmitool.template\n\n - Disables nsupdate_enabled by default\n\n - Added :\n\n - disable_nsupdate_enabled_by_default.diff\n\n - Fixes issue in distribution detection with 'lower'\n function call.\n\n - Modified :\n\n - remodeled-distro-detection.diff \n\n - Adds imporoved distribution detection. Since now all\n base products get detected correctly, we no longer need\n the SUSE Manager patch.\n\n - Added :\n\n - remodeled-distro-detection.diff \n\n - fix grub directory layout\n\n - Added :\n\n - create-system-directory-at-the-correct-place.patch\n\n - fix HTTP status code of XMLRPC service\n\n - Added :\n\n - fix-http-status-code.patch\n\n - touch /etc/genders when it not exists (boo#1128926)\n\n - Add patches to fix logging\n\n - Added :\n\n - return-the-name-of-the-unknown-method.patch\n\n - call-with-logger-where-possible.patch\n\n - Switching version schema from 3.0 to 3.0.0\n\n - Fixes case where distribution detection returns None\n (boo#1130658)\n\n - Added :\n\n - fixes-distro-none-case.diff\n\n - Removes newline from token, which caused authentication\n error (boo#1128754)\n\n - Added :\n\n - remove-newline-from-token.diff\n\n - Added a patch which fixes an exception when login in\n with a non-root user.\n\n - Added :\n\n - fix-login-error.patch\n\n - Added a patch which fixes an exception when login in\n with a non-root user.\n\n - Added :\n\n - fix-login-error.patch\n\n\n\n - Remove patch merged at upstream :\n\n - 0001-return-token-as-string.patch\n\n - change grub2-x86_64-efi dependency to Recommends\n\n - grub2-i386pc is not really required. Changed to\n recommended to allow building for architectures other\n than x86_64\n\n - Use cdrtools starting with SLE-15 and Leap-15 again.\n (boo#1081739)\n\n - Update cobbler loaders server hostname (boo#980577)\n\n - Update outdated apache config (boo#956264)\n\n - Replace builddate with changelog date to fix\n build-compare (boo#969538)\n\n - LOCKFILE usage removed on openSUSE (boo#714618)\n\n - Power management subsystem completely re-worked to\n prevent command-injection (CVE-2012-2395)\n\n - Removed patch merged at upstream :\n\n - cobblerd_needs_apache2_service_started.patch\n\n - Checking bug fixes of released products are in latest\n develop pkg :\n\n - remove fix-nameserver-search.fix; bug is invalid\n (boo#1029276)\n\n -> not needed anymore\n\n - fix cobbler yaboot handling (boo#968406, boo#966622)\n\n -> no yaboot support anymore\n\n - support UEFI boot with cobbler generated tftp tree\n (boo#1020376)\n\n -> upstream\n\n - Enabling PXE grub2 support for PowerPC (boo#986978)\n\n -> We have grub2 support for ppc64le\n\n - (boo#1048183) fix missing args and location for xen\n\n -> is in\n\n - no koan support anymore: boo#969541, boo#924118,\n boo#967523\n\n - not installed (boo#966841) works.\n\n - These still have to be looked at: SUSE system as systemd\n only (boo#952844) handle list value for kernel options\n correctly (boo#973413) entry in pxe menu (boo#988889)\n\n - This still has to be switched off (at least in internal\n cobbler versions): Disabling 'get-loaders' command and\n 'check' fixed. boo#973418\n\n - Add explicity require to tftp, so it is used for both\n SLE and openSUSE (originally from jgonzalez@suse.com)\n\n - Moved Recommends according to spec_cleaner\n\n - Require latest apache2-mod_wsgi-python3 package This\n fixes interface to http://localhost/cblr/svc/...\n\n - Use latest github cobbler/cobbler master branch in\n _service file\n\n - cobblerd_needs_apache2_service_started.patch reverted,\n that is mainline now :\n\n - Only recommend grub2-arm and grub2-ppc packages or we\n might not be able to build on factory where arm/ppc\n might not be built\n\n - Remove genders package requires. A genders file is\n generated, but we do not need/use the genders package.\n\n - Update to latest cobbler version 3.0 mainline git HEAD\n version and remove already integrated or not needed\n anymore patches.\n\n - Serial console support added, did some testing already\n Things should start to work as expected\n\n - Add general grub2 support\n\n - Put mkgrub.* into mkgrub.sh\n\n - Add git date and commit to version string for now\n\n - Add grub2 mkimage scripts: mkgrub.i386-pc\n mkgrub.powerpc-ieee1275 mkgrub.x86_64-efi\n mkgrub.arm64-efi and generate grub executables with them\n in the %post section\n\n\n\n - build server wants explicite package in BuildRequires;\n use tftp\n\n - require tftp(server) instead of atftp\n\n - cleanup: cobbler is noarch, so arch specific requires do\n not make sense\n\n - SLES15 is using /etc/os-release instead of\n /etc/SuSE-release, use this one for checking also\n\n - add sles15 distro profile (boo#1090205)\n\n - fix signature for SLES15 (boo#1075014)\n\n - fix signature for SLES15 (boo#1075014)\n\n - fix koan wait parameter initialization\n\n - Fix koan shebang\n\n - Escape shell parameters provided by the user for the\n reposync action (CVE-2017-1000469) (boo#1074594)\n\n - detect if there is already another instance of 'cobbler\n sync' running and exit with failure if so (boo#1081714)\n\n - do not try to hardlink to a symlink. The result will be\n a dangling symlink in the general case (boo#1097733)\n\n - fix service restart after logrotate for cobblerd\n (boo#1113747)\n\n - rotate cobbler logs at higher frequency to prevent disk\n fillup (boo#1113747)\n\n - Forbid exposure of private methods in the API\n (CVE-2018-10931) (CVE-2018-1000225) (boo#1104287)\n (boo#1104189) (boo#1105442)\n\n - Check access token when calling 'modify_setting' API\n endpoint (boo#1104190) (boo#1105440) (CVE-2018-1000226)", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "title": "openSUSE Security Update : cobbler (openSUSE-2021-46)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000225", "CVE-2018-10931", "CVE-2012-2395", "CVE-2017-1000469", "CVE-2011-4953", "CVE-2018-1000226"], "modified": "2021-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cobbler-tests", "cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:cobbler", "p-cpe:/a:novell:opensuse:cobbler-web"], "id": "OPENSUSE-2021-46.NASL", "href": "https://www.tenable.com/plugins/nessus/145357", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-46.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145357);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2011-4953\", \"CVE-2012-2395\", \"CVE-2017-1000469\", \"CVE-2018-1000225\", \"CVE-2018-1000226\", \"CVE-2018-10931\");\n\n script_name(english:\"openSUSE Security Update : cobbler (openSUSE-2021-46)\");\n script_summary(english:\"Check for the openSUSE-2021-46 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for cobbler fixes the following issues :\n\n - Add cobbler-tests subpackage for unit testing for\n openSUSE/SLE \n\n - Adds LoadModule definitions for openSUSE/SLE\n\n - Switch to new refactored auth module.\n\n - use systemctl to restart cobblerd on logfile rotation\n (boo#1169207) Mainline logrotate conf file uses already\n /sbin/service instead of outdated: /etc/init.d/cobblerd\n\n - Fix cobbler sync for DHCP or DNS (boo#1169553) Fixed\n mainline by commit 2d6cfe42da\n\n - Signatures file now uses 'default_autoinstall' which\n fixes import problem happening with some distributions\n (boo#1159010)\n\n - Fix for kernel and initrd detection (boo#1159010)\n\n - New :\n\n - For the distro there is now a parameter\n remote_boot_initrd and remote_boot_kernel ()\n\n - For the profile there is now a parameter filename for\n DHCP. (#2280)\n\n - Signatures for ESXi 6 and 7 (#2308)\n\n - The hardlink command is now detected more dynamically\n and thus more error resistant (#2297)\n\n - HTTPBoot will now work in some cases out of the bug.\n (#2295)\n\n - Additional DNS query for a case where the wrong record\n was queried in the nsupdate system case (#2285)\n\n - Changes :\n\n - Enabled a lot of tests, removed some and implemented\n new. (#2202)\n\n - Removed not used files from the codebase. (#2302)\n\n - Exchanged mkisofs to xorrisofs. (#2296)\n\n - Removed duplicate code. (#2224)\n\n - Removed unreachable code. (#2223)\n\n - Snippet creation and deletion now works again via\n xmlrpc. (#2244)\n\n - Replace createrepo with createrepo_c. (#2266)\n\n - Enable Kerberos through having a case sensitive\n users.conf. (#2272)\n\n - Bugfixes :\n\n - General various Bugfixes (#2331, )\n\n - Makefile usage and commands. (#2344, #2304)\n\n - Fix the dhcp template. (#2314)\n\n - Creation of the management classes and gPXE. (#2310)\n\n - Fix the scm_track module. (#2275, #2279)\n\n - Fix passing the netdevice parameter correctly to the\n linuxrc. (#2263)\n\n - powerstatus from cobbler now works thanks to a wrapper\n for ipmitool. (#2267)\n\n - In case the LDAP is used for auth, it now works with\n ADs. (#2274)\n\n - Fix passthru authentication. (#2271)\n\n - Other :\n\n - Add Codecov. (#2229)\n\n - Documentation updates. (#2333, #2326, #2305, #2249,\n #2268)\n\n - Buildprocess :\n\n - Recreation and cleanup of Grub2. (#2278)\n\n - Fix small errors for openSUSE Leap. (#2233)\n\n - Fix rpmlint errors. (#2237)\n\n - Maximum compatibility for debbuild package creation.\n (#2255, #2292, #2242, #2300)\n\n - Fixes related to our CI Pipeline (#2254, #2269)\n\n - Internal Code cleanup (#2273, #2270)\n\n - Breaking Changes :\n\n - Hash handling in users.digest file. (#2299) \n\n - Updated to version 3.1.1.\n\n - Introduce new packaging from upstream\n\n - Changelog see below\n\n - New :\n\n - We are now having a cross-distro specfile which can be\n build in the OBS (#2220) - before rewritten it was\n improved by #2144 & #2174\n\n - Grub Submenu for net-booting machines (#2217)\n\n - Building the Cent-OS RPMs in Docker (#2190 #2189)\n\n - Reintroduced manpage build in setup.py (#2185)\n\n - mgmt_parameters are now passed to the dhcp template\n (#2182)\n\n - Using the standard Pyhton3 logger instead of a custom\n one (#2160 #2139 #2151)\n\n - Script for converting the settings file from 3.0.0 to\n 3.0.1 (#2154)\n\n - Docs now inside the repo instead of cobbler.github.io\n and improved with sphinx (#2117)\n\n - Changes :\n\n - The default tftpboot directory is now /var/lib/tftpboot\n instead of previously /srv/tftpboot (#2220)\n\n - Distro signatures were adjusted where necessary (#2219\n #2134)\n\n - Removed requirements.txt and placed the requirements in\n setup.py (#2204)\n\n - Display only entries in grub which are from the same\n arch (#2191 #2216)\n\n - Change the name of the cobbler manpage form cobbler-cli\n to cobbler back and move it to section 8 (#2188 #2186)\n\n - Bugfixes :\n\n - Incremented Version to 3.1.1 from 3.0.1\n\n - S390 Support was cleaned up (#2207 #2178)\n\n - PowerPC Support was cleaned up (#2178)\n\n - Added a missing import while importing a distro with\n cobbler import (#2201)\n\n - Fixed a case where a stacktrace would be produced so\n pass none instead (#2203)\n\n - Rename of suse_kopts_textmode_overwrite to\n kops_overwrite to utils (#2143 #2200)\n\n - Fix rsync subprocess call (#2199 #2179)\n\n - Fixed an error where the template rendering did not work\n (#2176)\n\n - Fixed some cobbler import errors (#2172)\n\n - Wrong shebang in various scripts (#2148)\n\n - Fix some imports which fixes errors introduced by the\n remodularization (#2150 #2153)\n\n - Other :\n\n - Issue Templates for Github (#2187)\n\n - Update to latest git HEAD code base This version (from\n mainline so for quite a while already) also includes\n fixes for 'boo#1149075' and boo#1151875\n\n - Fix for cobbler import and buildiso (boo#1156574)\n\n - Adjusted manpage creation (needs sphinx as\n BuildRequires)\n\n - Fix cobbler sync for dhcp and dns enabled due to latest\n module renaming patches\n\n - Update to latest git HEAD\n\n - Fixes permission denied in apache2 context when trying\n to write cobbler log\n\n - Fixes a bad import in import_signature (item)\n\n - Fixes bad shebang bash path in mkgrub.sh (used in post\n section)\n\n - Now track Github master branch WARNING: This release\n contains breaking changes for your settings file! \n\n - Notable changes :\n\n - Now using standard python logger\n\n - Updated dhcpd.template \n\n - Removed fix_shebang.patch: now in upstream. \n\n - added -s parameter to fdupes call to prevent hardlink\n across partititons\n\n - Update to latest v3.0.0 cobbler release\n\n - Add previouly added patch:\n exclude_get-loaders_command.patch to the list of patches\n to apply.\n\n - Fix log file world readable (as suggested by Matthias\n Gerstner) and change file attributes via attr in spec\n file\n\n - Do not allow get-loaders command (download of\n third-party provided network boot loaders we do not\n trust)\n\n - Mainline fixes: 3172d1df9b9cc8 Add missing help text in\n redhat_management_key field c8f5490e507a72 Set default\n interface if cobbler system add has no\n\n --interface= param 31a1aa31d26c4a Remove apache\n IfVersion tags from apache configs\n\n - Integrated fixes that came in from mainline from other\n products (to calm down obs regression checker):\n CVE-2011-4953, fate#312397, boo#660126, boo#671212,\n boo#672471, boo#682665 boo#687891, boo#695955,\n boo#722443, boo#722445, boo#757062, boo#763610\n boo#783671, boo#790545, boo#796773, boo#811025,\n boo#812948, boo#842699 boo#846580, boo#869371,\n boo#884051, boo#976826, boo#984998 Some older bugs need\n boo# references as well: boo#660126, boo#671212,\n boo#672471, boo#682665 boo#687891, boo#695955,\n boo#722443, boo#722445, boo#757062, boo#763610\n boo#783671, boo#790545, boo#796773, boo#811025,\n boo#812948, boo#842699 boo#846580, boo#869371,\n boo#884051\n\n - Fix for redhat_management_key not being listed as a\n choice during profile rename (boo#1134588)\n\n - Added :\n\n - rhn-mngmnt-key-field-fix.diff\n\n - Fixes distribution detection in setup.py for SLESo\n\n - Added :\n\n -\n changes-detection-to-distro-like-for-suse-distributions.\n diff\n\n - Moving to pytest and adding Docker test integration\n\n - Added :\n\n - add-docker-integration-testing.diff\n\n - refactor-unittest-to-pytest.diff\n\n - Additional compatability changes for old Koan versions.\n\n - Modified :\n\n - renamed-methods-alias-part2.patch\n\n - Old Koan versions not only need method aliases, but also\n need compatible responses\n\n - Added :\n\n - renamed-methods-alias-part2.patch\n\n - Add the redhat_managment_* fields again to enable\n templating in SUMA.\n\n - Added :\n\n - revert-redhat-management-removal.patch \n\n - Changes return of last_modified_time RPC to float\n\n - Added :\n\n - changes-return-to-float.diff\n\n - provide old name aliases for all renamed methods :\n\n - get_distro_for_koan => get_distro_as_rendered\n\n - get_profile_for_koan => get_profile_as_rendered\n\n - get_system_for_koan => get_system_as_rendered\n\n - get_repo_for_koan => get_repo_as_rendered\n\n - get_image_for_koan => get_image_as_rendered\n\n - get_mgmtclass_for_koan => get_mgmtclass_as_rendered\n\n - get_package_for_koan => get_package_as_rendered\n\n - get_file_for_koan => get_file_as_rendered\n\n - Renamed: get_system_for_koan.patch =>\n renamed-methods-alias.patch\n\n - provide renamed method 'get_system_for_koan' under old\n name for old clients.\n\n - Added :\n\n - get_system_for_koan.patch\n\n - Bring back power_system method in the XML-RPC API\n\n - Changed lanplus option to lanplus=true in\n fence_ipmitool.template\n\n - Added :\n\n - power_system_xmlrpc_api.patch\n\n - Changed :\n\n - fence_ipmitool.template\n\n - Disables nsupdate_enabled by default\n\n - Added :\n\n - disable_nsupdate_enabled_by_default.diff\n\n - Fixes issue in distribution detection with 'lower'\n function call.\n\n - Modified :\n\n - remodeled-distro-detection.diff \n\n - Adds imporoved distribution detection. Since now all\n base products get detected correctly, we no longer need\n the SUSE Manager patch.\n\n - Added :\n\n - remodeled-distro-detection.diff \n\n - fix grub directory layout\n\n - Added :\n\n - create-system-directory-at-the-correct-place.patch\n\n - fix HTTP status code of XMLRPC service\n\n - Added :\n\n - fix-http-status-code.patch\n\n - touch /etc/genders when it not exists (boo#1128926)\n\n - Add patches to fix logging\n\n - Added :\n\n - return-the-name-of-the-unknown-method.patch\n\n - call-with-logger-where-possible.patch\n\n - Switching version schema from 3.0 to 3.0.0\n\n - Fixes case where distribution detection returns None\n (boo#1130658)\n\n - Added :\n\n - fixes-distro-none-case.diff\n\n - Removes newline from token, which caused authentication\n error (boo#1128754)\n\n - Added :\n\n - remove-newline-from-token.diff\n\n - Added a patch which fixes an exception when login in\n with a non-root user.\n\n - Added :\n\n - fix-login-error.patch\n\n - Added a patch which fixes an exception when login in\n with a non-root user.\n\n - Added :\n\n - fix-login-error.patch\n\n\n\n - Remove patch merged at upstream :\n\n - 0001-return-token-as-string.patch\n\n - change grub2-x86_64-efi dependency to Recommends\n\n - grub2-i386pc is not really required. Changed to\n recommended to allow building for architectures other\n than x86_64\n\n - Use cdrtools starting with SLE-15 and Leap-15 again.\n (boo#1081739)\n\n - Update cobbler loaders server hostname (boo#980577)\n\n - Update outdated apache config (boo#956264)\n\n - Replace builddate with changelog date to fix\n build-compare (boo#969538)\n\n - LOCKFILE usage removed on openSUSE (boo#714618)\n\n - Power management subsystem completely re-worked to\n prevent command-injection (CVE-2012-2395)\n\n - Removed patch merged at upstream :\n\n - cobblerd_needs_apache2_service_started.patch\n\n - Checking bug fixes of released products are in latest\n develop pkg :\n\n - remove fix-nameserver-search.fix; bug is invalid\n (boo#1029276)\n\n -> not needed anymore\n\n - fix cobbler yaboot handling (boo#968406, boo#966622)\n\n -> no yaboot support anymore\n\n - support UEFI boot with cobbler generated tftp tree\n (boo#1020376)\n\n -> upstream\n\n - Enabling PXE grub2 support for PowerPC (boo#986978)\n\n -> We have grub2 support for ppc64le\n\n - (boo#1048183) fix missing args and location for xen\n\n -> is in\n\n - no koan support anymore: boo#969541, boo#924118,\n boo#967523\n\n - not installed (boo#966841) works.\n\n - These still have to be looked at: SUSE system as systemd\n only (boo#952844) handle list value for kernel options\n correctly (boo#973413) entry in pxe menu (boo#988889)\n\n - This still has to be switched off (at least in internal\n cobbler versions): Disabling 'get-loaders' command and\n 'check' fixed. boo#973418\n\n - Add explicity require to tftp, so it is used for both\n SLE and openSUSE (originally from jgonzalez@suse.com)\n\n - Moved Recommends according to spec_cleaner\n\n - Require latest apache2-mod_wsgi-python3 package This\n fixes interface to http://localhost/cblr/svc/...\n\n - Use latest github cobbler/cobbler master branch in\n _service file\n\n - cobblerd_needs_apache2_service_started.patch reverted,\n that is mainline now :\n\n - Only recommend grub2-arm and grub2-ppc packages or we\n might not be able to build on factory where arm/ppc\n might not be built\n\n - Remove genders package requires. A genders file is\n generated, but we do not need/use the genders package.\n\n - Update to latest cobbler version 3.0 mainline git HEAD\n version and remove already integrated or not needed\n anymore patches.\n\n - Serial console support added, did some testing already\n Things should start to work as expected\n\n - Add general grub2 support\n\n - Put mkgrub.* into mkgrub.sh\n\n - Add git date and commit to version string for now\n\n - Add grub2 mkimage scripts: mkgrub.i386-pc\n mkgrub.powerpc-ieee1275 mkgrub.x86_64-efi\n mkgrub.arm64-efi and generate grub executables with them\n in the %post section\n\n\n\n - build server wants explicite package in BuildRequires;\n use tftp\n\n - require tftp(server) instead of atftp\n\n - cleanup: cobbler is noarch, so arch specific requires do\n not make sense\n\n - SLES15 is using /etc/os-release instead of\n /etc/SuSE-release, use this one for checking also\n\n - add sles15 distro profile (boo#1090205)\n\n - fix signature for SLES15 (boo#1075014)\n\n - fix signature for SLES15 (boo#1075014)\n\n - fix koan wait parameter initialization\n\n - Fix koan shebang\n\n - Escape shell parameters provided by the user for the\n reposync action (CVE-2017-1000469) (boo#1074594)\n\n - detect if there is already another instance of 'cobbler\n sync' running and exit with failure if so (boo#1081714)\n\n - do not try to hardlink to a symlink. The result will be\n a dangling symlink in the general case (boo#1097733)\n\n - fix service restart after logrotate for cobblerd\n (boo#1113747)\n\n - rotate cobbler logs at higher frequency to prevent disk\n fillup (boo#1113747)\n\n - Forbid exposure of private methods in the API\n (CVE-2018-10931) (CVE-2018-1000225) (boo#1104287)\n (boo#1104189) (boo#1105442)\n\n - Check access token when calling 'modify_setting' API\n endpoint (boo#1104190) (boo#1105440) (CVE-2018-1000226)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://localhost/cblr/svc/...\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=660126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=671212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=672471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=682665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=687891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=695955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=714618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=722443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=722445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=757062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=763610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=783671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=790545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=796773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=811025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=812948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=842699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=846580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=869371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=884051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/312397\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected cobbler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cobbler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cobbler-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cobbler-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cobbler-3.1.2-lp152.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cobbler-tests-3.1.2-lp152.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cobbler-web-3.1.2-lp152.6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cobbler / cobbler-tests / cobbler-web\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000469"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-21T00:00:00", "id": "OPENVAS:1361412562310874717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874717", "type": "openvas", "title": "Fedora Update for cobbler FEDORA-2018-52ee188215", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_52ee188215_cobbler_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for cobbler FEDORA-2018-52ee188215\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874717\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-21 06:21:03 +0200 (Thu, 21 Jun 2018)\");\n script_cve_id(\"CVE-2017-1000469\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for cobbler FEDORA-2018-52ee188215\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cobbler'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"cobbler on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-52ee188215\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQV2FJBUBMMCYHCBQCHV3DFG7AH2HET3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"cobbler\", rpm:\"cobbler~2.8.3~2.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000469"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-21T00:00:00", "id": "OPENVAS:1361412562310874715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874715", "type": "openvas", "title": "Fedora Update for cobbler FEDORA-2018-f96f72ce8f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_f96f72ce8f_cobbler_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for cobbler FEDORA-2018-f96f72ce8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874715\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-21 06:20:51 +0200 (Thu, 21 Jun 2018)\");\n script_cve_id(\"CVE-2017-1000469\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for cobbler FEDORA-2018-f96f72ce8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cobbler'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"cobbler on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-f96f72ce8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4FXW2VWYD67GT3VFBKAP4YXVKL2IHGO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"cobbler\", rpm:\"cobbler~2.8.3~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000469"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-06-22T00:00:00", "id": "OPENVAS:1361412562310851794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851794", "type": "openvas", "title": "openSUSE: Security Advisory for cobbler (openSUSE-SU-2018:1770-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851794\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-22 05:51:25 +0200 (Fri, 22 Jun 2018)\");\n script_cve_id(\"CVE-2017-1000469\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for cobbler (openSUSE-SU-2018:1770-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cobbler'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for cobbler fixes the following issues:\n\n The following security issue has been fixed:\n\n - CVE-2017-1000469: Escape shell parameters provided by the user for the\n reposync action. (bsc#1074594)\n\n Additionally, the following non-security issues have been fixed:\n\n - Fix signature for SLES15. (bsc#1075014)\n\n - Detect if there is already another instance of 'cobbler sync' running\n and exit with failure if so. (bsc#1081714)\n\n - Add SLES 15 distro profile. (bsc#1090205)\n\n - Require tftp(server) instead of atftp.\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-655=1\");\n\n script_tag(name:\"affected\", value:\"cobbler on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1770-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"cobbler\", rpm:\"cobbler~2.6.6~14.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cobbler-tests\", rpm:\"cobbler-tests~2.6.6~14.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cobbler-web\", rpm:\"cobbler-web~2.6.6~14.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"koan\", rpm:\"koan~2.6.6~14.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000469"], "description": "Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors, kickstart templating, integrated yum mirroring, and built-in DHCP/DNS Management. Cobbler has a XMLRPC API for integration with other applications. ", "modified": "2018-06-20T13:55:20", "published": "2018-06-20T13:55:20", "id": "FEDORA:26305610FA6A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: cobbler-2.8.3-2.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
