CVE-2011-4953

Published: Oct 27, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.

Affected (1)

Products: Cobbler Project: Cobbler

Cobbler Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cobbler Project Cobbler	Up to 2.2.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00019.html

Source: secalert@redhat.com

https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883

Source: secalert@redhat.com

https://bugzilla.novell.com/show_bug.cgi?id=757062

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.novell.com/show_bug.cgi?id=757062

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.