5 matches found
OESA-2025-1435 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
A vulnerability in the Cobbler network installation server, caused by deficiencies in its authentication procedures, allows attackers to gain full access to the server.
A vulnerability in the Cobbler network installation server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain full access to the server...
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Summary: utils.get_shared_secret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. Details: utils.py get_shared_secret: def get_shared_secret() -> Union[str, int]: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree o...
Improper Authentication
Overview: cobbler is a network install server. Affected versions of this package are vulnerable to Improper Authentication due to the utils.get_shared_secret function. An attacker can gain full control of the server by connecting to the cobbler XML-RPC server using a hardcoded user and password...
A vulnerability in the “add repo” component of the Cobbler network installation server allows an attacker to execute arbitrary code with root privileges.
A vulnerability in the “add repo” component of the Cobbler network installation server is related to the lack of measures to sanitize data at the management level. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with root privileges...