Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.021 Low |
Percentile | 89.2% |

Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0
allows remote attackers to execute arbitrary commands via shell
metacharacters in the (1) username or (2) password fields to the
power_system method in the xmlrpc API.
Author | Note |
---|---|
jdstrand | maas-provision in 12.04 is a code copy of cobbler, but with reduced features and usage. Only the portions of maas-provision specifically used by maas will receive official support. maas in 12.10 as of 0.1+bzr971+dfsg-0ubuntu1 no longer depends on maas-provision and maas-provision has moved to universe. 12.04 should also receive this update for maas, so deferring for now. maas-provision removed from 12.10 before release. power functionality is blocked by the AppArmor profile in maas-provision on 12.04 LTS, so this vulnerability is mitigated. This was tested by modifying /usr/share/pyshared/cobbler/utils.py to remove the check for invalid characters, then getting a system name with `sudo cobbler list`, then doing something like: `$ sudo cobbler system edit --name node-457f02f2-3fe6-11e2-a048-525400209fb8 --power-type ether_wake --power-user Admin --power-pass PASSWORD --power-address 'AA:BB:CC:DD:EE:FF" ; /usr/bin/touch /gotcha ; "'` `$ sudo cobbler system poweron --name=node-457f02f2-3fe6-11e2-a048-525400209fb8` |
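
The incomplete-blacklist weakness described above, as an added example (not Cobbler's code and not part of the original page): a denylist check beside an allowlist check and a shell-free invocation, generalised to list every character the denylist lets through. The denylist contents, the field pattern and the helper stand-in are hypothetical and constructed for illustration; the test value is the power-address from the note.

```python
import re
import shlex
import string
import subprocess
import sys

# Hypothetical denylist, constructed for this example (not Cobbler's actual list).
DENYLIST = set("&|`$<>")
# Allowlist for address/user fields: only the characters such values need.
SAFE_FIELD = re.compile(r"[A-Za-z0-9_.:@-]{1,64}")
# Stand-in for a power-management helper: echoes its arguments and stdin back.
HELPER = "import sys; print(sys.argv[1]); print(sys.argv[2]); print(sys.stdin.read())"

def denylist_ok(value):
    """Weak check: accept any value that avoids the listed characters."""
    return not set(value) & DENYLIST

def allowlist_ok(value):
    """Strict check: the whole value must consist of expected characters."""
    return SAFE_FIELD.fullmatch(value) is not None

def denylist_gaps():
    """Printable characters the denylist accepts although shlex.quote
    does not consider them safe to leave unquoted in a shell command."""
    return {c for c in string.printable if denylist_ok(c) and shlex.quote(c) != c}

def run_power_helper(address, user, password):
    """Validate the fields, then run the helper without a shell."""
    for name, value in (("address", address), ("user", user)):
        if not allowlist_ok(value):
            raise ValueError("invalid characters in power " + name)
    # argv list with the default shell=False: nothing is parsed as shell syntax.
    # A password may contain any character, so it is sent over stdin instead.
    argv = [sys.executable, "-c", HELPER, address, user]
    done = subprocess.run(argv, input=password, capture_output=True,
                          text=True, check=True)
    return done.stdout.splitlines()

if __name__ == "__main__":
    tested = 'AA:BB:CC:DD:EE:FF" ; /usr/bin/touch /gotcha ; "'  # value from the note
    print("denylist:", denylist_ok(tested), "allowlist:", allowlist_ok(tested))
    print("characters the denylist misses:", sorted(denylist_gaps()))
    print(run_power_helper("AA:BB:CC:DD:EE:FF", "Admin", 'p;a$s"w'))
```

The gap list makes the design problem visible: every character missing from the denylist is a potential bypass, while the allowlist and the argument vector do not depend on enumerating them.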