CVE-2011-4953

Publication date 27 October 2014

Last updated 24 July 2024

Description

The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cobbler	13.04 raring	Fixed 2.2.2-0ubuntu1
	12.10 quantal	Fixed 2.2.2-0ubuntu1
	12.04 LTS precise	Fixed 2.2.2-0ubuntu1
	11.10 oneiric	Ignored end of life
	11.04 natty	Ignored end of life
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2011-4953

CVE-2011-4953

Description

Status

References

Other references

Access our resources on patching vulnerabilities