Cobbler's CobblerXMLRPCInterface object exposes all its functions over XMLRPC. This allows an attacker to use the internal functions of the class, such as creating a token or uploading files.

Upstream issue: https://github.com/cobbler/cobbler/issues/1916

Upstream patch: https://github.com/cobbler/cobbler/pull/1921

References: https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/
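A constructed model of the flaw class described in the report above, added here as an example (it is not Cobbler's code or the upstream patch): an XML-RPC instance whose `_dispatch` resolves any client-supplied name, beside a dispatcher that only calls methods explicitly marked as remote. All class, method and decorator names are hypothetical.

```python
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

def remote(func):
    """Mark a method as intentionally callable over XML-RPC."""
    func.rpc_exposed = True
    return func

class DemoInterface:
    """Constructed stand-in for a class that mixes API and internal methods."""
    @remote
    def version(self):
        return "demo-1.0"

    def make_token(self, user):  # internal helper, never meant for remote callers
        return "token-for-" + user

class OpenDispatch(DemoInterface):
    # Weak pattern: any attribute name supplied by the client is resolved.
    def _dispatch(self, method, params):
        return getattr(self, method)(*params)

class AllowlistDispatch(DemoInterface):
    # Hardened pattern: only methods explicitly marked with @remote are callable.
    def _dispatch(self, method, params):
        func = getattr(type(self), method, None)
        if method.startswith("_") or not getattr(func, "rpc_exposed", False):
            raise xmlrpc.client.Fault(403, "forbidden method: " + method)
        return func(self, *params)

def call(instance, method, *params):
    """Send one XML-RPC request through the stdlib dispatcher, no network needed."""
    dispatcher = SimpleXMLRPCDispatcher(allow_none=True)
    dispatcher.register_instance(instance)
    request = xmlrpc.client.dumps(params, methodname=method).encode()
    response = dispatcher._marshaled_dispatch(request)
    try:
        return xmlrpc.client.loads(response)[0][0]
    except xmlrpc.client.Fault as fault:
        return "FAULT: " + fault.faultString
```

The allowlist fails closed: a method added to the class later stays unreachable over XML-RPC until someone marks it with `@remote`.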
Acknowledgments: Name: Cedric Buissart (Red Hat)
Created attachment 1474535 [details] fix
Created cobbler tracking bugs for this issue:

Affects: epel-all [bug 1614431]
Affects: fedora-all [bug 1614433]

This issue has been addressed in the following products:

Red Hat Satellite 5.6
Red Hat Satellite 5.7
Red Hat Satellite 5.8

Via RHSA-2018:2372 https://access.redhat.com/errata/RHSA-2018:2372
Mitigation: If SELinux is enabled, it might prevent some locations from accepting uploaded files from the attacker. This prevents some basic attacks allowing remote code execution, although it would not exclude all other possibilities.
Oddly, I never got this needinfo... that was WEIRD.