Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2008-6954
Last Modified: 12 Aug 2009 12:00:00
Published: 12 Aug 2009 06:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-6954

Summary

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.

Vulnerable Systems

Application

  • Michael Dehaan Cobbler 0.1.1.7

  • Michael Dehaan Cobbler 0.2.1

  • Michael Dehaan Cobbler 0.2.2

  • Michael Dehaan Cobbler 0.2.3

  • Michael Dehaan Cobbler 0.2.5

  • Michael Dehaan Cobbler 0.2.7

  • Michael Dehaan Cobbler 0.2.8

  • Michael Dehaan Cobbler 0.2.9

  • Michael Dehaan Cobbler 0.3.0

  • Michael Dehaan Cobbler 0.3.1

  • Michael Dehaan Cobbler 0.3.3

  • Michael Dehaan Cobbler 0.3.4

  • Michael Dehaan Cobbler 0.3.5

  • Michael Dehaan Cobbler 0.3.6

  • Michael Dehaan Cobbler 0.3.7

  • Michael Dehaan Cobbler 0.3.9

  • Michael Dehaan Cobbler 0.4.0

  • Michael Dehaan Cobbler 0.4.2

  • Michael Dehaan Cobbler 0.4.3

  • Michael Dehaan Cobbler 0.4.5

  • Michael Dehaan Cobbler 0.4.6

  • Michael Dehaan Cobbler 0.4.7

  • Michael Dehaan Cobbler 0.4.8

  • Michael Dehaan Cobbler 0.5.0

  • Michael Dehaan Cobbler 0.6.0

  • Michael Dehaan Cobbler 0.6.1

  • Michael Dehaan Cobbler 0.6.3

  • Michael Dehaan Cobbler 0.6.4

  • Michael Dehaan Cobbler 0.6.5

  • Michael Dehaan Cobbler 0.8.1

  • Michael Dehaan Cobbler 0.8.3

  • Michael Dehaan Cobbler 1.0.0

  • Michael Dehaan Cobbler 1.0.2

  • Michael Dehaan Cobbler 1.0.2-1

  • Michael Dehaan Cobbler 1.0.3-1

  • Michael Dehaan Cobbler 1.2.0

  • Michael Dehaan Cobbler 1.2.2

  • Michael Dehaan Cobbler 1.2.3

  • Michael Dehaan Cobbler 1.2.5

  • Michael Dehaan Cobbler 1.2.6

  • Michael Dehaan Cobbler 1.2.7

  • Michael Dehaan Cobbler 1.2.8


References

BID - 32317

CONFIRM - http://freshmeat.net/projects/cobbler/releases/288374

FEDORA - FEDORA-2008-9745

FEDORA - FEDORA-2008-9723

XF - cobbler-interface-code-execution(46625)

SECUNIA - 32804

SECUNIA - 32737

OSVDB - 50291


Last Updated: 27 May 2016 10:49:24