CVE-2010-2235: Code Injection
First published: Thu Jun 24 2010(Updated: )
A code injection flaw was found in the way Cobbler processed templates for kickstart files. A remote authenticated user, that has the Configuration Administrator role privilege, could use this flaw to create a specially-crafted kickstart template file containing embedded Python code, that could, when processed by the Cheetah template processing engine, execute arbitrary code with the privileges of the privileged system user (root) on the Red Hat Network Satellite Server host. References: [1] <a href="https://fedorahosted.org/cobbler/wiki/KickstartTemplating">https://fedorahosted.org/cobbler/wiki/KickstartTemplating</a> Acknowledgements: Red Hat would like to thank Doug Knight of University of Alaska for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/cobbler | <0:1.6.6-15.el4 | 0:1.6.6-15.el4 |
| Cobbler | =1.0.2 | |
| Cobbler | =1.6.1 | |
| Cobbler | =1.2.0 | |
| Cobbler | =1.6.8 | |
| Cobbler | =1.2.8 | |
| Cobbler | =1.6.6-1 | |
| Cobbler | =2.0.0 | |
| Cobbler | =0.2.3 | |
| Cobbler | =1.2.2 | |
| Cobbler | =0.2.7 | |
| Cobbler | =0.3.5 | |
| Cobbler | =2.0.1-1 | |
| Cobbler | =0.3.0 | |
| Cobbler | =1.4.3-4 | |
| Cobbler | =1.2.6 | |
| Cobbler | =0.4.0 | |
| Cobbler | =1.2.3 | |
| Cobbler | =0.4.3 | |
| Cobbler | =0.8.1 | |
| Cobbler | =1.3.3 | |
| Cobbler | =1.6.3 | |
| Cobbler | =1.6.8-1 | |
| Cobbler | =0.2.5 | |
| Cobbler | =0.8.3 | |
| Cobbler | =1.0.2-1 | |
| Cobbler | <=2.0.4 | |
| Cobbler | =1.4.3 | |
| Cobbler | =1.6.2 | |
| Cobbler | =2.0.3 | |
| Cobbler | =0.3.7 | |
| Cobbler | =1.2.9-1 | |
| Cobbler | =1.3.3-1 | |
| Cobbler | =0.6.4 | |
| Cobbler | =1.6.5 | |
| Cobbler | =1.6.4-1 | |
| Cobbler | =0.4.6 | |
| Cobbler | =0.2.1 | |
| Cobbler | =0.4.7 | |
| Cobbler | =1.4.1 | |
| Cobbler | =0.6.5 | |
| Cobbler | =2.0.0-1 | |
| Cobbler | =0.6.1 | |
| Cobbler | =1.6.1-1 | |
| Cobbler | =1.2.5 | |
| Cobbler | =0.1.1.7 | |
| Cobbler | =1.6.6 | |
| Cobbler | =1.3.4 | |
| Cobbler | =1.2.9 | |
| Cobbler | =1.4.2 | |
| Cobbler | =0.3.9 | |
| Cobbler | =1.3.1 | |
| Cobbler | =1.2.8-1 | |
| Cobbler | =1.3.1-1 | |
| Cobbler | =2.0.1 | |
| Cobbler | =0.4.2 | |
| Cobbler | =1.4.1-1 | |
| Cobbler | =1.6.3-1 | |
| Cobbler | =1.3.4-1 | |
| Cobbler | =1.0.3-1 | |
| Cobbler | =1.0.0 | |
| Cobbler | =1.4.2-1 | |
| Cobbler | =0.5.0 | |
| Cobbler | =0.6.0 | |
| Cobbler | =0.3.4 | |
| Cobbler | =0.2.8 | |
| Cobbler | =1.2.7 | |
| Cobbler | =1.4.0 | |
| Cobbler | =0.2.2 | |
| Cobbler | =1.6.4 | |
| Cobbler | =0.4.8 | |
| Cobbler | =0.6.3 | |
| Cobbler | =2.0.3.1-2 | |
| Cobbler | =1.4.0-2 | |
| Cobbler | =2.0.4-1 | |
| Cobbler | =1.6.2-1 | |
| Cobbler | =0.3.1 | |
| Cobbler | =0.2.9 | |
| Cobbler | =0.3.3 | |
| Cobbler | =0.4.5 | |
| Cobbler | =2.0.3.1 | |
| Cobbler | =0.3.6 | |
| Cobbler | =1.6.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=607662
- http://www.redhat.com/support/errata/RHSA-2010-0775.html
- http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz
- https://www.cve.org/CVERecord?id=CVE-2010-2235 https://nvd.nist.gov/vuln/detail/CVE-2010-2235
- https://access.redhat.com/errata/RHSA-2010:0775
- https://access.redhat.com/security/cve/CVE-2010-2235
- https://fedorahosted.org/cobbler/wiki/KickstartTemplating
- https://rhn.redhat.com/errata/RHSA-2010-0775.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=643900
Frequently Asked Questions
What is the severity of CVE-2010-2235?
CVE-2010-2235 is classified as a moderate severity vulnerability.
How do I fix CVE-2010-2235?
To fix CVE-2010-2235, upgrade Cobbler to version 1.6.6 or later.
Who is affected by CVE-2010-2235?
CVE-2010-2235 affects remote authenticated users with Configuration Administrator role privilege on vulnerable Cobbler versions.
What type of vulnerability is CVE-2010-2235?
CVE-2010-2235 is a code injection vulnerability that allows execution of arbitrary embedded Python code.
Which versions of Cobbler are affected by CVE-2010-2235?
Affected versions of Cobbler include 1.0.2, 1.2.0, 1.2.2, 1.2.3, 1.2.5, 1.2.6, 1.2.8, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, and numerous others up to 2.0.4.
- collector/redhat-cve
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/remedy
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2235
- agent/trending
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/michael dehaan
- canonical/cobbler
- version/cobbler/1.0.2
- version/cobbler/1.6.1
- version/cobbler/1.2.0
- version/cobbler/1.6.8
- version/cobbler/1.2.8
- version/cobbler/1.6.6-1
- version/cobbler/2.0.0
- version/cobbler/0.2.3
- version/cobbler/1.2.2
- version/cobbler/0.2.7
- version/cobbler/0.3.5
- version/cobbler/2.0.1-1
- version/cobbler/0.3.0
- version/cobbler/1.4.3-4
- version/cobbler/1.2.6
- version/cobbler/0.4.0
- version/cobbler/1.2.3
- version/cobbler/0.4.3
- version/cobbler/0.8.1
- version/cobbler/1.3.3
- version/cobbler/1.6.3
- version/cobbler/1.6.8-1
- version/cobbler/0.2.5
- version/cobbler/0.8.3
- version/cobbler/1.0.2-1
- version/cobbler/2.0.4
- version/cobbler/1.4.3
- version/cobbler/1.6.2
- version/cobbler/2.0.3
- version/cobbler/0.3.7
- version/cobbler/1.2.9-1
- version/cobbler/1.3.3-1
- version/cobbler/0.6.4
- version/cobbler/1.6.5
- version/cobbler/1.6.4-1
- version/cobbler/0.4.6
- version/cobbler/0.2.1
- version/cobbler/0.4.7
- version/cobbler/1.4.1
- version/cobbler/0.6.5
- version/cobbler/2.0.0-1
- version/cobbler/0.6.1
- version/cobbler/1.6.1-1
- version/cobbler/1.2.5
- version/cobbler/0.1.1.7
- version/cobbler/1.6.6
- version/cobbler/1.3.4
- version/cobbler/1.2.9
- version/cobbler/1.4.2
- version/cobbler/0.3.9
- version/cobbler/1.3.1
- version/cobbler/1.2.8-1
- version/cobbler/1.3.1-1
- version/cobbler/2.0.1
- version/cobbler/0.4.2
- version/cobbler/1.4.1-1
- version/cobbler/1.6.3-1
- version/cobbler/1.3.4-1
- version/cobbler/1.0.3-1
- version/cobbler/1.0.0
- version/cobbler/1.4.2-1
- version/cobbler/0.5.0
- version/cobbler/0.6.0
- version/cobbler/0.3.4
- version/cobbler/0.2.8
- version/cobbler/1.2.7
- version/cobbler/1.4.0
- version/cobbler/0.2.2
- version/cobbler/1.6.4
- version/cobbler/0.4.8
- version/cobbler/0.6.3
- version/cobbler/2.0.3.1-2
- version/cobbler/1.4.0-2
- version/cobbler/2.0.4-1
- version/cobbler/1.6.2-1
- version/cobbler/0.3.1
- version/cobbler/0.2.9
- version/cobbler/0.3.3
- version/cobbler/0.4.5
- version/cobbler/2.0.3.1
- version/cobbler/0.3.6
- version/cobbler/1.6.5-1