[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: cobbler command injection
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-05-23 18:24:51
Message-ID: 4FBD2B73.9060005 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/23/2012 02:39 AM, David Black wrote:
> It was reported that it was possible to perform command injection 
> through the cobbler xmlrpc api[0][1]. This issue was fixed in the
> git commit found at [2]. Can a CVE be assigned to this issue?
> 
> 
> [0] https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999 
> [1] https://github.com/cobbler/cobbler/issues/141 [2]
> https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf

Please
> 
use CVE-2012-2395 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPvStzAAoJEBYNRVNeJnmTGVwP/0dZWeEOJJg6fLfr66ToY6C4
33MB059f5k/ePfd/0hJwpNtSImvfACH+SvwLcGfCsVbj0HRPKg9EdkZlBRXplS50
EK9rL70casIG0p2DDxtd9L4AU8Kl6dsYGaoN3fL9nq3VdYtKJH0bHz1ryWaCG7ZN
k0tDHRnPPfpcNxQNkvLiutRK2r0iR9ctzUioMErSFaee+mIVDCv3MNoGCnf4y/xH
ijGB6GtuVAOLJzujSGyOLi6KdUgGJk2x9h6QUTN/iT9NE9/ukCrsdJP37MQUX3Sm
Ft0fVlLcPt50FBq/ypEfrN7fl2P+isGpqpKBbI01qBQl9CiNOj3GoGOV2xsmlGU7
u832wbCLW/T1jRCacxfsjUCHiiEJBKOdd14HEuHStKpZY2FAwwVkSC35GcTfu+gA
KtggmRYuQUKUZFu2unyWxtV6Thk97eT9UqWxrXj8UYoCl8YfaQXi0U+Ap2QB8Khr
xVxzPsCl9tCuOlZMNss1YAXvwwjHu9o6AHX3tgPqjFFIveWxsOxRZSJ/ZveNgqjf
9JZuQvkODn4AD9NXwUgjjcokD7yfxOog43UWuoKOkNj71Eaxk+jU4Xk/mee3T7Wn
zbXtOA/T9EO5Zu4yZB4El8bKm+9FJRlPk1LuQWTXlqW65vaZAkvd2PS2ifW2C74+
IyFclW5b9DOlyAMnTH7H
=TMiW
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]