oss-sec mailing list archives

CVE request: cobbler command injection

From: David Black <disclosure () d1b org>
Date: Wed, 23 May 2012 18:39:10 +1000

It was reported that it was possible to perform command injection
through the cobbler xmlrpc api[0][1]. This issue was fixed in the git
commit found at [2].
Can a CVE be assigned to this issue?


[0] https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999
[1] https://github.com/cobbler/cobbler/issues/141
[2] https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf

Current thread:

CVE request: cobbler command injection David Black (May 23)
- Re: CVE request: cobbler command injection Kurt Seifried (May 23)