Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.COBBLER_POWER_COMMAND_INJECTION.NASL
HistoryJun 07, 2012 - 12:00 a.m.

Cobbler xmlrpc API power_system Method Remote Shell Command Execution

2012-06-0700:00:00
This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
45

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.7 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

According to its self-reported version, the Cobbler install on the remote host is affected by a command injection vulnerability that can be exploited by sending a specially crafted username or password argument to the ‘power_system’ method.

Successful exploitation requires an authenticated user and xmlrpc API access.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59402);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_cve_id("CVE-2012-2395");
  script_bugtraq_id(53666);

  script_name(english:"Cobbler xmlrpc API power_system Method Remote Shell Command Execution");

  script_set_attribute(attribute:"synopsis", value:
"The remote service is affected by a command injection vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cobbler install on the
remote host is affected by a command injection vulnerability that can
be exploited by sending a specially crafted username or password
argument to the 'power_system' method. 

Successful exploitation requires an authenticated user and xmlrpc API
access.");
  # https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0c3391f4");
  script_set_attribute(attribute:"see_also", value:"https://github.com/cobbler/cobbler/issues/141");
  script_set_attribute(attribute:"see_also", value:"https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the latest developmental version of Cobbler or apply the
fixes manually.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2395");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/07");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:michael_dehaan:cobbler");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cobbler_admin_detect.nasl", "cobbler_xmlrpc_detect.nasl");
  script_require_keys("www/cobbler/xmlrpc", "Settings/ParanoidReport", "www/cobbler_web_admin");
  script_exclude_keys("Settings/disable_cgi_scanning");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("datetime.inc");
include("webapp_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);

install = get_install_from_kb(appname:'cobbler_web_admin', port:port, exit_on_fail:TRUE);

appname = "Cobbler";
kb_base = "www/" + port + "/cobbler/xmlrpc/";
	
version = get_kb_item_or_exit(kb_base + "Version");
url = build_url(port:port, qs:install['dir'] + '/');

if (version == 'unknown') audit(AUDIT_UNKNOWN_WEB_APP_VER, appname, url);

gitdate = get_kb_item_or_exit(kb_base + "GitDate");
gitstamp = get_kb_item_or_exit(kb_base + "GitStamp");

item = eregmatch(pattern:"[A-Z][a-z]{2} ([A-Z][a-z]{2}) ([0-9]{1,2}) [0-9]{2}:[0-9]{2}:[0-9]{2} ([0-9]{4}) ", string:gitdate);
if (isnull(item)) exit(1, "Failed to parse '"+kb_base+"GitDate' KB item.");

month = int(month_num_by_name(base:1, item[1]));
day = int(item[2]);
year = int(item[3]);

if (
  # author says next release (2.2.3) will have fix
  ver_compare(ver:version, fix:'2.2.3',strict:FALSE) == -1 ||
  (version =~ "^2\.3\." && # version of current developmental master branch with fix 
    ( 
     year < 2012 ||
    (year == 2012 && month < 5) ||
    (year == 2012 && month == 5 && day < 6) ||
    (year == 2012 && month == 5 && day == 6 && 
     gitstamp != "1003578" && gitstamp != "6d9167e")
    )
  )
)
{
  if(report_verbosity > 0)
  {
    report = '\n  Installed version : ' + version + ' (Git Date : ' + gitdate + ')' + 
             '\n  Fixed version     : 2.3.1 (Git Date : Sun May 6 21:15:27 2012 -0700)\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, appname, port, version + ' (Git Date : ' + gitdate + ')');
VendorProductVersionCPE
michael_dehaancobblercpe:/a:michael_dehaan:cobbler

Related

ubuntucve 1
github 1
cve 1
nessus 3
suse 4
gitlab 1
openvas 4
osv 1
cvelist 1
redhat 1
prion 1
nvd 1
ubuntucve
ubuntucve
CVE-2012-2395
2012-06-16 00:00:00
github
github
Cobbler subject to Command Injection
2022-05-17 05:27:39
cve
cve
CVE-2012-2395
2012-06-16 00:55:07
nessus
nessus
openSUSE Security Update : cobbler (openSUSE-SU-2012:0655-1)
2014-06-13 00:00:00
RHEL 5 / 6 : cobbler (RHSA-2012:1060)
2013-01-24 00:00:00
openSUSE Security Update : cobbler (openSUSE-2021-46)
2021-01-25 00:00:00
suse
suse
Security update for cobbler (important)
2012-07-03 16:08:22
update for cobbler (important)
2012-05-29 15:08:19
Security update for cobbler (moderate)
2021-01-14 00:00:00
gitlab
gitlab
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
2022-05-17 00:00:00
openvas
openvas
SuSE Update for update openSUSE-SU-2012:0655-1 (update)
2012-12-13 00:00:00
openSUSE: Security Advisory for update (openSUSE-SU-2012:0655-1)
2012-12-13 00:00:00
Cobbler 2.2.0 Command Injection Vulnerability
2012-07-12 00:00:00
osv
osv
Cobbler subject to Command Injection
2022-05-17 05:27:39
cvelist
cvelist
CVE-2012-2395
2012-06-16 00:00:00
redhat
redhat
(RHSA-2012:1060) Moderate: cobbler security update
2012-07-09 00:00:00
prion
prion
Input validation
2012-06-16 00:55:00
nvd
nvd
CVE-2012-2395
2012-06-16 00:55:07

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.7 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON
Related for COBBLER_POWER_COMMAND_INJECTION.NASL
ubuntucve1github1cve1nessus3suse4gitlab1openvas4osv1cvelist1redhat1prion1nvd1