133 matches found
CVE-2014-3225
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...
Local File inclusion
A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI...
[oss-security] CVE Request - Local File inclusion in Cobbler
hi, as reported in https://github.com/cobbler/cobbler/issues/939 A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI in all versions. Cobbler ease setup of network installation environments. After informing cobbler team, a patch...
Fedora 18 : livecd-tools-18.17-1.fc18 (2013-13131)
Added a couple features to livecd-iso-to-disk --updates and --ks and fixed a traceback when there are dependency problems running livecd-creator. Require rsync The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered...
CentOS Update for sos CESA-2013:1121 centos5
Check for the Version of sos OpenVAS Vulnerability Test CentOS Update for sos CESA-2013:1121 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Scientific Linux Security Update : sos on SL5.x (noarch) (20130730)
The sosreport utility collected the Kickstart configuration file '/root /anaconda-ks.cfg', but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain th...
RHEL 5 : sos (RHSA-2013:1121)
An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Low: Red Hat Security Advisory: sos security update
An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
sosreport does not blank root password in anaconda plugin
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...
Fedora 17 : livecd-tools-17.17-1.fc17 (2013-9111)
The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered that livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no 'rootpw' directive was used or when the...
Fedora 19 : livecd-tools-19.4-1.fc19 (2013-9827)
Some fixed for running from F19 host. The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered that livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no...
Default credentials
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges...
Important: Red Hat Security Advisory: KVM image security update
The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
[SECURITY] Fedora 19 Update: pykickstart-1.99.30-1.fc19
The pykickstart package is a python library for manipulating kickstart files...
Fedora 17 2012-9621
Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...
CVE-2012-2664
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...
Default credentials
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...
CVE-2012-2664
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...
CVE-2012-2664
CVE-2012-2664 affects the sosreport utility in the Red Hat sos package prior to 2.2-29. The root user password information found in the Kickstart configuration file (/root/anaconda-ks.cfg) is not removed when creating an archive of debugging information, potentially allowing an attacker to obtain...
sosreport does not blank root password in anaconda plugin
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...