Description
Security update for cobbler
This update for cobbler fixes the following issues:
Security issues fixed:
- Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442)
- Check access token when calling 'modify_setting' API endpoint (bsc#1104190, bsc#1105440, CVE-2018-1000226)
Other bugs fixed:
- Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case. (bsc#1097733)
- Fix kernel options when generating bootiso (bsc#1101670)
This update was imported from the SUSE:SLE-12:Update update project.
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:2590-1
- SUSE Security Ratings
Description
Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin. This attack appears to be exploitable via network connectivity, by sending an unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).
Affected products
References
- CVE-2018-1000225
- SUSE Bug 1104190
- SUSE Bug 1104287
- SUSE Bug 1105442
Description
Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appears to be exploitable via network connectivity, by taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
Affected products
References
- CVE-2018-1000226
- SUSE Bug 1104190
- SUSE Bug 1104287
- SUSE Bug 1105440
- SUSE Bug 1105442
- SUSE Bug 1131852
Description
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to arbitrary locations in the context of the daemon.
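As an added illustration of the two fixes in this update (example code, not Cobbler's own): an XML-RPC dispatcher that serves only an explicit allowlist of public methods, so private helpers are unreachable whatever their name, and a modify_setting endpoint that verifies its access token before changing any state. The Api class, its method names and the sample user are constructed for this example and are not taken from Cobbler.

```python
import secrets
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

class Api:
    # Explicit allowlist: only these names are reachable over XML-RPC.
    PUBLIC = frozenset({"login", "get_settings", "modify_setting"})

    def __init__(self, users):
        self._users = dict(users)          # user -> password (constructed sample)
        self._tokens = {}                  # token -> user
        self._settings = {"server": "127.0.0.1"}

    def _check_token(self, token):
        """Private helper: must never be callable through the API."""
        if token not in self._tokens:
            raise PermissionError("invalid or missing token")

    def login(self, user, password):
        if self._users.get(user) != password:
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self._tokens[token] = user
        return token

    def get_settings(self):
        return dict(self._settings)

    def modify_setting(self, name, value, token=None):
        self._check_token(token)   # verify the token before any state changes
        self._settings[name] = value
        return 0

class AllowlistDispatcher(SimpleXMLRPCDispatcher):
    def __init__(self, api):
        super().__init__(allow_none=True)
        self.api = api

    def _dispatch(self, method, params):
        # Anything not on the allowlist is refused, so _check_token and other
        # non-public attributes cannot be reached regardless of their name.
        if method not in self.api.PUBLIC:
            raise Exception(f"method {method!r} is not supported")
        return getattr(self.api, method)(*params)

def call(dispatcher, method, *params):
    """Round-trip one call through XML-RPC marshalling, as a client would."""
    request = xmlrpc.client.dumps(params, methodname=method, allow_none=True)
    response = dispatcher._marshaled_dispatch(request.encode())
    return xmlrpc.client.loads(response)[0][0]  # raises Fault on error
```

Run it end to end: a call to `_check_token` or to `modify_setting` without a token comes back as an XML-RPC fault, while `login` followed by `modify_setting` with the returned token succeeds.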
Affected products
References
- CVE-2018-10931
- SUSE Bug 1104189
- SUSE Bug 1104190
- SUSE Bug 1104287
- SUSE Bug 1105440
- SUSE Bug 1105442
- SUSE Bug 1130105