Common Vulnerabilities and Exposures

Upstream information

CVE-2012-2395 at MITRE


Incomplete blacklist vulnerability in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

SUSE information

SUSE Bugzilla entry: 763610

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE Manager Client Tools for SLE 11 SP1 | koan >= 2.0.10-0.38.1 | SAT Patch Nr: 6378
SUSE Manager 1.2 for SLE 11 SP1 | cobbler >= 2.0.10-0.38.1 | SAT Patch Nr: 6378

© 2015 Novell