Cobbler is vulnerable to Remote Code Execution (RCE). A code injection flaw was found in the way Cobbler processed templates for kickstart files. A remote, authenticated user with the Configuration Administrator role could use this flaw to create a specially crafted kickstart template file containing embedded Python code that could, when processed by Cheetah, execute arbitrary code with root privileges on the Red Hat Network Satellite Server.
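
As an added illustration (not Cobbler's or Red Hat's code, and not the vendor fix), the following Python audits a kickstart template for Cheetah constructs that bring Python into the template, so they can be reviewed before the file is rendered. The function name, the allow-list parameter, the set of constructs checked (`#import`, `#from ... import`, PSP-style `<% ... %>` blocks) and the sample template are assumptions of this example, and the check is a heuristic that does not cover every way a template can run code.

```python
import re

# Cheetah constructs that pull Python into a template. Assumed, non-exhaustive
# list for this added example.
IMPORT_RE = re.compile(r"#import\s+([\w.]+(?:\s*,\s*[\w.]+)*)")
FROM_RE = re.compile(r"#from\s+([\w.]+)\s+import\b")
PSP_RE = re.compile(r"<%.*?%>", re.DOTALL)


def audit_template(text, allowed_modules=frozenset()):
    """Return sorted (line_number, kind, detail) findings for one template."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        modules = []
        m = IMPORT_RE.search(line)
        if m:
            modules += [name.strip() for name in m.group(1).split(",")]
        m = FROM_RE.search(line)
        if m:
            modules.append(m.group(1))
        for module in modules:
            if module not in allowed_modules:
                findings.append((lineno, "import", module))
    # PSP blocks may span lines, so search the whole text and map the match
    # offset back to a line number.
    for m in PSP_RE.finditer(text):
        lineno = text.count("\n", 0, m.start()) + 1
        findings.append((lineno, "python-block", " ".join(m.group(0).split())[:60]))
    return sorted(findings)


# Constructed sample kickstart template (not taken from any real system).
SAMPLE = """\
# import of the base package set happens in %packages
#from here on the file is plain kickstart
#import time
#from os import path
url --url=$tree
<%
build = 'example'
%>
%packages
@base
"""

if __name__ == "__main__":
    for finding in audit_template(SAMPLE, allowed_modules={"time"}):
        print("line %d: %s: %s" % finding)
```

Ordinary kickstart comments such as `# import ...` or `#from here on ...` are not reported, because they do not form a Cheetah import directive.
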

Name | Operator | Version |
---|---|---|
cobbler | eq | 1.6.6__3.el4sat |
cobbler | eq | 1.6.6__3.el5sat |