|
Message-Id: <201405081414.s48EDuDi001504@linus.mitre.org> Date: Thu, 8 May 2014 10:13:56 -0400 (EDT) From: cve-assign@...re.org To: D.Farhi@...com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request - Local File inclusion in Cobbler -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > as reported in https://github.com/cobbler/cobbler/issues/939 > > A local file inclusion is possible by specifying full path to any > desired file in the Kickstart value in Cobbler's WebUI in all > versions. > > by specifiying 'Kickstart' value to /etc/passwd or any other crucial > system file, local files are exposed by the cobbler web_ui Use CVE-2014-3225. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTa5CKAAoJEKllVAevmvmsc0AH/iRGXp6uC+loqXis7PcgsGFH UIFPfrqW7zS5bZ3JWJ41zPTDVJmv5sFCPie9NADsrAEQj0YcrNCRdRNgPy4MTi8t z/+UYftRRoiM8P4jMRVk8Ko2aLwG05m2kJ/j0XQpI45dYoGF0x++gbwORLEhMgtr ePZv7NTjyRwnJygIDLXPGUpnBglkZI/KDPV5qBNDfgHBNMk/FUtZF5zWgVdFvTvx FbeT3lwGKyjNMwd6rBMGQwU52YV1cV3NT7tq+fL5mvvV7QYR1POFfDsJbOBpS/jj EwW0UleNZ2fWXGI1cQiIIakBOrtWyauyR/IQ6OM98vZ8fqkMw6bT1K7Qjbl9ld8= =erju -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.