Several Cobbler Vulnerabilities Fixed in Ubuntu 16.04
2023-11-29 17:0:53 Author: securityboulevard.com(查看原文) 阅读量:11 收藏

A series of Cobbler vulnerabilities have been addressed in Ubuntu 16.04 ESM in the recent security updates. Ubuntu 16.04 ESM (Expanded Security Maintenance) is the extended version of end-of-life Ubuntu 16.04 LTS with extra security patching beyond the end dates. ESM versions are available through Ubuntu Pro subscription, which is relatively expensive for security patching.

Alternatively, you can go with an affordable option, TuxCare’s Extended Lifecycle Support, which provides five years of vendor-grade security patches after the end-of-life period.

The vulnerabilities, along with their respective Common Vulnerabilities and Exposures (CVE) identifiers, are outlined below:

Cobbler Vulnerabilities Fixed in Ubuntu 16.04 ESM

CVE-2014-3225

DevOps Unbound Podcast

Cobbler was found to mishandle user input, potentially leading to absolute path traversal. This vulnerability could be exploited by an attacker to read arbitrary files.

CVE-2017-1000469, CVE-2021-45082

Cobbler’s improper handling of user input could result in command injection, allowing an attacker to execute arbitrary code with elevated privileges.

CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226

Cobbler did not adequately hide private functions in a class, posing a risk of remote attackers gaining high privileges and uploading files to arbitrary locations.

CVE-2021-40323, CVE-2021-40324, CVE-2021-40325

The mishandling of user input in Cobbler could lead to log poisoning. A remote attacker might exploit this to bypass authorization, write to arbitrary files, or execute arbitrary code.

CVE-2021-45083

Cobbler did not correctly handle file permissions during package install or update operations, potentially enabling an attacker to perform a privilege escalation attack.

CVE-2022-0860

Cobbler was found to have an issue processing credentials for expired accounts, opening the door for an attacker to log in with an expired account or password.

Conclusion

To address these vulnerabilities, it is strongly recommended to update your Cobbler packages to the latest versions. A standard system update will be required to implement the necessary changes.

Contact TuxCare Linux security expert to get started with Extended Lifecycle Support and protect your Ubuntu 16.04 servers.

The sources for this article can be found on USN-6475-1.

The post Several Cobbler Vulnerabilities Fixed in Ubuntu 16.04 appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Read the original post at: https://tuxcare.com/blog/several-cobbler-vulnerabilities-fixed-in-ubuntu-16-04/


文章来源: https://securityboulevard.com/2023/11/several-cobbler-vulnerabilities-fixed-in-ubuntu-16-04/
如有侵权请联系:admin#unsafe.sh