CVE-2011-4953

The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
cobbler_projectcobbler
𝑥
≤ 2.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cobbler
raring
Fixed 2.2.2-0ubuntu1
released
quantal
Fixed 2.2.2-0ubuntu1
released
precise
Fixed 2.2.2-0ubuntu1
released
oneiric
ignored
natty
ignored
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00019.html
https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883
https://bugzilla.novell.com/show_bug.cgi?id=757062
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00019.html
https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883
https://bugzilla.novell.com/show_bug.cgi?id=757062