Description of problem:

The Cobbler software component suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. Navigate to the following URL on a default installation of cobbler and cobbler-web (version 2.6.11-1):

http://localhost/cblr/svc/profile/<valid_profile>/op/script?scriptx=script/script/script/script/script/script/script/script/&script=../../../../../etc/passwd

We assume that the exploit does not work because we are not affected. We assume that this is due to a way older version of cobbler being used in Satellite (cobbler-2.0.7-66.el6sat.noarch) vs. GitHub (2.8.0). We assume that the exploit targets the "scripts" endpoint. In cobbler/services.py we do find a handler for this endpoint in cobbler-2.8 (https://github.com/cobbler/cobbler/blob/master/cobbler/services.py#L94), but we do not see such a handler in our Satellite-based setup. It seems that this feature (and therefore probably also this bug) has been introduced in cobbler-2.6 (https://github.com/cobbler/cobbler/commit/955568d075abea57ec9d3cff01eb80a6eb37482f).

Satellite 5.7 cobbler-2.0.7-66.el6sat.noarch
Cobbler upstream GitHub (2.8.0)

Please verify if this vulnerability affects Satellite 5.
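For checking whether a Cobbler host has already received requests of the shape quoted in the description, the following detection sketch scans web server access logs for `op/script` requests whose `script` parameter contains path traversal. It is an added example, not part of the original report or of Cobbler; the log format (Apache combined), the sample lines and the key/value reading of the URL path are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line and status from an Apache combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+" (\d{3})')
PREFIX = "/cblr/svc/"  # service prefix taken from the URL in the report

# Constructed sample log lines (documentation addresses, made-up profile name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2017:10:00:00 +0000] "GET /cblr/svc/profile/demo/op/script'
    '?scriptx=script/script/&script=../../../../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.11 - - [01/Jan/2017:10:00:05 +0000] "GET /cblr/svc/profile/demo/op/script'
    '?script=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210',
    '192.0.2.12 - - [01/Jan/2017:10:01:00 +0000] "GET /cblr/svc/profile/demo/op/script'
    '?script=preseed_early_default HTTP/1.1" 200 880',
    '192.0.2.13 - - [01/Jan/2017:10:02:00 +0000] "GET /cblr/svc/op/ks/profile/demo'
    ' HTTP/1.1" 200 5120',
]

def is_traversal(value):
    """True if value, after bounded repeated URL-decoding, escapes its directory."""
    for _ in range(3):  # catches single and double percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    return value.startswith("/") or ".." in value.split("/")

def suspicious_script_requests(lines):
    """Return (client, status, script value) for op/script requests with traversal."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.startswith(PREFIX):
            continue
        # Assumption: the path after the prefix is alternating key/value segments.
        segs = url.path[len(PREFIX):].strip("/").split("/")
        if dict(zip(segs[0::2], segs[1::2])).get("op") != "script":
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == "script" and is_traversal(val):
                hits.append((line.split()[0], int(match.group(2)), val))
    return hits
```

A hit answered with status 200 deserves a closer look than one answered with 404, since the latter is what a host without the `script` handler would be expected to return.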
Statement: Red Hat Satellite 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/satellite
Satellite marked as not affected per [0]

[0] https://access.redhat.com/security/cve/CVE-2016-9605