oss-sec mailing list archives

Re: CVE request: cobbler command injection


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 23 May 2012 12:24:51 -0600


On 05/23/2012 02:39 AM, David Black wrote:
It was reported that it was possible to perform command injection 
through the cobbler xmlrpc api[0][1]. This issue was fixed in the
git commit found at [2]. Can a CVE be assigned to this issue?


[0] https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999
[1] https://github.com/cobbler/cobbler/issues/141
[2] https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf

Please use CVE-2012-2395 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


