[Bug 978999] Re: command injection on the host via the xmlrpc api

This bug was fixed in the package cobbler - 2.4.0-0ubuntu2 --- cobbler (2.4.0-0ubuntu2) saucy; urgency=low * cobbler-web.postinst: Generate a random key for SECURITY_KEY in settings.py. -- Timo AaltonenThu, 29 Aug 2013 19:32:56 +0300 ** Changed in: cobbler (Ubuntu) Stat

[Bug 978999] Re: command injection on the host via the xmlrpc api

** Changed in: cobbler (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/978999 Title: command injection on the host via the xmlrpc a

[Bug 978999] Re: command injection on the host via the xmlrpc api

AppArmor mitigates this in maas-provision. ** Changed in: maas-provision (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/978999 Title: c

[Bug 978999] Re: command injection on the host via the xmlrpc api

David, sorry, my question regarding maas-provision was directed at Dave Walker. Dave Walker, does maas utilize the power_system method? ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2395 -- You received this bug notification because you are a member of Ubuntu Server Team

[Bug 978999] Re: command injection on the host via the xmlrpc api

** Changed in: maas-provision (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/978999 Title: command injection on the host via the xmlrpc api

[Bug 978999] Re: command injection on the host via the xmlrpc api

I believe upstream attempted to address this in https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/978999

[Bug 978999] Re: command injection on the host via the xmlrpc api

** Changed in: maas-provision (Ubuntu) Importance: Undecided => High ** Changed in: cobbler (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs

[Bug 978999] Re: command injection on the host via the xmlrpc api

Ah right it is https://launchpad.net/maas (/me answering my own question). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/978999 Title: command injection on the host via the xmlrpc

[Bug 978999] Re: command injection on the host via the xmlrpc api

I wasn't aware of the existence of maas-provision. What exactly is it? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/978999 Title: command injection on the host via the xmlrpc api

[Bug 978999] Re: command injection on the host via the xmlrpc api

** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/978999 Title: command injection on the host via the xmlrpc api To manage notifications about this bu