CVE-2017-1000469
published 2018-01-03CVE-2017-1000469: Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
5.56%
91.9th percentile
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler_project | cobbler | <= 2.8.2 | — |
| cobbler_project | cobbler | >= 0 < 3.0.0 | 3.0.0 |
| cobbler_project | cobbler | >= 0 < 2.4.1-0ubuntu2+esm1 | 2.4.1-0ubuntu2+esm1 |
Detection & IOCsextracted from sources · hover to see the quote
- →The injection point is the 'Mirror' field of the 'Adding a Repo' form in Cobbler's web UI/API — monitor or validate input to this field for shell metacharacters or command injection payloads ↗
- →Cobbler versions up to and including 2.8.2 are vulnerable; presence of cobbler <= 2.8.2 on a host is an indicator of exposure ↗
- →The vulnerable component is the 'add repo' functionality; audit cobbler API calls or web requests targeting repo-add/mirror endpoints for unsanitised shell characters ↗
- ·Red Hat Satellite 5 ships cobbler but the API password is a randomly generated 64-character string, making the API practically inaccessible; Red Hat rated this Low impact for that product and will not fix it ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
cobbler vulnerabilities
osv·2023-11-13·CVSS 4.0
CVE-2014-3225 [MEDIUM] cobbler vulnerabilities
cobbler vulnerabilities
It was discovered that Cobbler did not properly handle user input, which
could result in an absolute path traversal. An attacker could possibly
use this issue to read arbitrary files. (CVE-2014-3225)
It was discovered that Cobbler did not properly handle user input, which
could result in command injection. An attacker could possibly use this
issue to execute arbitrary code with high privileges.
(CVE-2017-1000469, CVE-2021-45082)
It was discovered that Cobbler did not properly hide private functions in
a class. A remote attacker could possibly use this issue to gain high
privileges and upload files to an arbitrary location.
(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)
Nicolas Chatelain discovered that Cobbler did not properly handle user
input, which coul
GHSA
Cobbler vulnerable to arbitrary code execution
ghsa·2022-05-14
CVE-2017-1000469 [CRITICAL] CWE-20 Cobbler vulnerable to arbitrary code execution
Cobbler vulnerable to arbitrary code execution
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
OSV
Cobbler vulnerable to arbitrary code execution
osv·2022-05-14
CVE-2017-1000469 [CRITICAL] Cobbler vulnerable to arbitrary code execution
Cobbler vulnerable to arbitrary code execution
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
OSV
CVE-2017-1000469: Cobbler version up to 2
osv·2018-01-03·CVSS 9.8
CVE-2017-1000469 [CRITICAL] CVE-2017-1000469: Cobbler version up to 2
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
Ubuntu
Cobbler vulnerabilities
vendor_ubuntu·2023-11-13·CVSS 4.0
CVE-2021-40323 [MEDIUM] Cobbler vulnerabilities
Title: Cobbler vulnerabilities
Summary: Several security issues were fixed in Cobbler.
It was discovered that Cobbler did not properly handle user input, which
could result in an absolute path traversal. An attacker could possibly
use this issue to read arbitrary files. (CVE-2014-3225)
It was discovered that Cobbler did not properly handle user input, which
could result in command injection. An attacker could possibly use this
issue to execute arbitrary code with high privileges.
(CVE-2017-1000469, CVE-2021-45082)
It was discovered that Cobbler did not properly hide private functions in
a class. A remote attacker could possibly use this issue to gain high
privileges and upload files to an arbitrary location.
(CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226)
Nicolas Chatelain discov
Red Hat
cobbler: Command injection in the "add repo" component allows for remote code execution
vendor_redhat·2017-10-19·CVSS 9.8
CVE-2017-1000469 [CRITICAL] CWE-77 cobbler: Command injection in the "add repo" component allows for remote code execution
cobbler: Command injection in the "add repo" component allows for remote code execution
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
Statement: Red Hat Satellite 5 is now in Production 3 Phase of the support and maintenance life cycle. The cobbler API has a user associated with it however the password is a randomly generated 64 character string, making the API inaccessible. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Package: cobbler (Red Hat Satellite 5) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution [fedora-all]
bugzilla·2018-01-09·CVSS 9.8
CVE-2017-1000469 [CRITICAL] CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution [fedora-all]
CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this i
Bugzilla
CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution
bugzilla·2018-01-09·CVSS 9.8
CVE-2017-1000469 [CRITICAL] CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution
CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "Mirror" field of the "Adding a Repo" form. A remote user could exploit this to execute arbitrary code as root.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000469
https://github.com/cobbler/cobbler/issues/1845
Discussion:
Created cobbler tracking bugs for this issue:
Affects: epel-all [bug 1532469]
Affects: fedora-all [bug 1532470]
---
Statement:
Red Hat Satellite 5 is now in Production 3 Phase of the support and maintenance life cycle. The cobbler API has a user associated with it however the password is a randomly generated 64 character string, making the API inacce
Bugzilla
CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution [epel-all]
bugzilla·2018-01-09·CVSS 9.8
CVE-2017-1000469 [CRITICAL] CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution [epel-all]
CVE-2017-1000469 cobbler: Command injection in the "add repo" component allows for remote code execution [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
2018-01-03
Published