CVE-2014-3225
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
| Software | From | Fixed in |
|---|---|---|
| cobblerd / cobbler | 2.4.2 | 2.4.2.x |
| cobblerd / cobbler | 2.4.3 | 2.4.3.x |
| cobblerd / cobbler | 2.4.0 | 2.4.0.x |
| cobblerd / cobbler | 2.4.0-1 | 2.4.0-1.x |
| cobblerd / cobbler | 2.4.4 | 2.4.4.x |
| cobblerd / cobbler | 2.4.1 | 2.4.1.x |
| cobblerd / cobbler | 2.6.0 | 2.6.0.x |
- http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html
- http://seclists.org/oss-sec/2014/q2/273
- http://seclists.org/oss-sec/2014/q2/274
- http://www.exploit-db.com/exploits/33252
- http://www.osvdb.org/106759
- http://www.securityfocus.com/archive/1/532094/100/0/threaded
- http://www.securityfocus.com/bid/67277
- https://github.com/cobbler/cobbler/issues/939
- https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime