CVE-2010-4512 — Incorrect Permission Assignment in Dehaan Cobbler

CWE-264 CWE-732 — Incorrect Permission Assignment5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 69.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Michael Dehaan Cobbler

Timeline

PublishedDec 9

Latest updateMay 17

Description

Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmichael_dehaan/cobbler2.0.3.1-2+79

Patches

Patch: people.fedoraproject.org ↗Patch: people.fedoraproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-qpw7-wxj3-c3xw: Cobbler before 2↗2022-05-17

▶

CVEList

CVE-2010-4512: Cobbler before 2↗2010-12-09

▶

📋Vendor Advisories

Red Hat

cobbler: Insecure umask by creating /tftpboot/pxelinux.cfg/* files after cobbler sync↗2010-01-11

▶

💬Community

Bugzilla

CVE-2010-4512 cobbler: Insecure umask by creating /tftpboot/pxelinux.cfg/* files after cobbler sync↗2011-04-05

▶