Bug 2006897 (CVE-2021-40324)

Summary: CVE-2021-40324 cobbler: Arbitrary file write via upload_log_data XMLRPC function
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: brejoc, gkamathe, jimi, kwizart, mmraka, ngompa13, orion, scott, tkasparek, tlestach, vanmeeuwen+fedora
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: cobbler 3.3.0, cobbler 3.2.2 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in cobbler. The flaw lies in cobblerd's anamon support, specifically the upload_log_data XMLRPC function. An anamon_enabled setting, if enabled, accepts unsanitized user-supplied parameters. This flaw allows an attacker to write arbitrary files to the system. The highest threat from this vulnerability is to confidentiality, integrity, and availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-09-24 08:50:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2006902, 2006903    
Bug Blocks: 2006908    

Description Pedro Sampaio 2021-09-22 15:50:53 UTC 
A flaw was found in Cobbler. Arbitrary file write could be achieved via upload_log_data XMLRPC function.

References:

https://lists.suse.com/pipermail/sle-security-updates/2021-September/009468.html
https://github.com/cobbler/cobbler/issues/2795
https://github.com/cobbler/cobbler/pull/2794
Comment 1 Pedro Sampaio 2021-09-22 16:12:29 UTC 
Created cobbler tracking bugs for this issue:

Affects: epel-7 [bug 2006903]
Affects: fedora-all [bug 2006902]