ClickCease Several Cobbler Vulnerabilities Fixed in Ubuntu 16.04

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Several Cobbler Vulnerabilities Fixed in Ubuntu 16.04

Rohan Timalsina

November 29, 2023 - TuxCare expert team

A series of Cobbler vulnerabilities have been addressed in Ubuntu 16.04 ESM in the recent security updates. Ubuntu 16.04 ESM (Expanded Security Maintenance) is the extended version of end-of-life Ubuntu 16.04 LTS with extra security patching beyond the end dates. ESM versions are available through Ubuntu Pro subscription, which is relatively expensive for security patching.

Alternatively, you can go with an affordable option, TuxCare’s Extended Lifecycle Support, which provides five years of vendor-grade security patches after the end-of-life period.

The vulnerabilities, along with their respective Common Vulnerabilities and Exposures (CVE) identifiers, are outlined below:

 

Cobbler Vulnerabilities Fixed in Ubuntu 16.04 ESM

 

CVE-2014-3225

Cobbler was found to mishandle user input, potentially leading to absolute path traversal. This vulnerability could be exploited by an attacker to read arbitrary files.

 

CVE-2017-1000469, CVE-2021-45082

Cobbler’s improper handling of user input could result in command injection, allowing an attacker to execute arbitrary code with elevated privileges.

 

CVE-2018-10931, CVE-2018-1000225, CVE-2018-1000226

Cobbler did not adequately hide private functions in a class, posing a risk of remote attackers gaining high privileges and uploading files to arbitrary locations.

 

CVE-2021-40323, CVE-2021-40324, CVE-2021-40325

The mishandling of user input in Cobbler could lead to log poisoning. A remote attacker might exploit this to bypass authorization, write to arbitrary files, or execute arbitrary code.

 

CVE-2021-45083

Cobbler did not correctly handle file permissions during package install or update operations, potentially enabling an attacker to perform a privilege escalation attack.

 

CVE-2022-0860

Cobbler was found to have an issue processing credentials for expired accounts, opening the door for an attacker to log in with an expired account or password.

 

Conclusion

 

To address these vulnerabilities, it is strongly recommended to update your Cobbler packages to the latest versions. A standard system update will be required to implement the necessary changes.

Contact TuxCare Linux security expert to get started with Extended Lifecycle Support and protect your Ubuntu 16.04 servers.

 

The sources for this article can be found on USN-6475-1.

Summary
Several Cobbler Vulnerabilities Fixed in Ubuntu 16.04
Article Name
Several Cobbler Vulnerabilities Fixed in Ubuntu 16.04
Description
Discover and fix critical Cobbler vulnerabilities in Ubuntu 16.04. Learn about path traversal, command injection, and other issues.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter