CVE-2010-2235
Published 2010-12-09
Priority P346 · high · 8.5 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS: 3.33% (87.1th percentile)
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.
Affected
83 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler_project | cobbler | >= 0 < 2.0.7 | 2.0.7 |
| michael_dehaan | cobbler | <= 2.0.4 | — |
| michael_dehaan | cobbler | — | — |
CVSS provenance
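| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
| ghsa | — | 9.0 | CRITICAL | — |
| osv | — | 9.0 | CRITICAL | — |
| vendor_redhat | — | 9.0 | CRITICAL | — |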
Red Hat
(cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file
vendor_redhat·2010-10-18·CVSS 9.0
CVE-2010-2235 [CRITICAL] CWE-96 (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file
GHSA
Cobbler is vulnerable to code injection
ghsa·2022-05-17·CVSS 9.0
CVE-2010-2235 [CRITICAL] CWE-94 Cobbler is vulnerable to code injection
OSV
Cobbler is vulnerable to code injection
osv·2022-05-17·CVSS 9.0
CVE-2010-2235 [CRITICAL] Cobbler is vulnerable to code injection
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2235 RHN Satellite (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file [fedora-all]
bugzilla·2010-10-18·CVSS 8.5
CVE-2010-2235 [HIGH] CVE-2010-2235 RHN Satellite (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/n
Bugzilla
CVE-2010-2235 RHN Satellite (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file
bugzilla·2010-06-24·CVSS 8.5
CVE-2010-2235 [HIGH] CVE-2010-2235 RHN Satellite (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file
A code injection flaw was found in the way Cobbler processed
templates for kickstart files. A remote authenticated user, that
has the Configuration Administrator role privilege, could use this
flaw to create a specially-crafted kickstart template file containing
embedded Python code, that could, when processed by the Cheetah template
processing engine, execute arbitrary code with the privileges of the
privileged system user (root) on the Red Hat Network Satellite Server host.
References:
[1] https://fedorahosted.org/cobbler/wiki/KickstartTemplating
Acknowledgements:
Red Hat would like to thank Doug Knight of University of Alaska for reporting this issue.
Bugzilla
CVE-2010-2235 Spacewalk (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file
bugzilla·2010-06-23·CVSS 8.5
CVE-2010-2235 [HIGH] CVE-2010-2235 Spacewalk (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file
Description of problem:
Presently, any Satellite/Spacewalk user with the configuration administrator role can execute code as root on the Satellite/Spacewalk server by putting something like "" in a templated kickstart script or variable. The same can be done in a non-templated script by wrapping the command in #end raw and #raw directives.
Cheetah should probably not be invoked as root. Additionally, the following checks should be made to prevent the execution of code on the server:
* Refuse to accept templated scripts or variables that include unescaped , , or #compiler-settings directives.
* Prevent the use of the #end raw directive in non-templated scri
References
http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz
http://www.redhat.com/support/errata/RHSA-2010-0775.html
https://bugzilla.redhat.com/show_bug.cgi?id=607662