Cobbler, a Linux installation server widely used in network installation environments, has a critical authentication vulnerability in versions 3.0.0 through 3.2.2 and 3.3.0 through 3.3.6. This vulnerability is caused by a flawed function that allows bypassing authentication checks on Cobbler’s XML-RPC interface.
| Product | Cobbler |
| Date | 2024-11-20 17:54:01 |
| Information |
|
Technical Summary
The vulnerability in Cobbler stems from the utils.get_shared_secret() function, which is intended to generate and manage authentication secrets between the Cobbler server and its clients. However, in the affected versions, this function consistently returns the fixed value -1. Consequently, an attacker with network access can connect to the XML-RPC interface using the credentials user: "" and password: -1, effectively bypassing authentication.
Impact:
- Full control of the Cobbler server: Attackers can manipulate configurations, perform unauthorized installations, and access sensitive data.
- Ease of exploitation: Public proof-of-concept (PoC) exploits demonstrate the simplicity of exploiting this vulnerability using Python.
Affected versions:
- 3.0.0 through 3.2.2
- 3.3.0 through 3.3.6
Fixed versions:
- 3.2.3
- 3.3.7
Recommendations
- Update immediately: Upgrade to the fixed versions, 3.2.3 or 3.3.7, which resolve the issue in the
get_shared_secret()function. - Restrict network access: Reduce the network exposure of the Cobbler server to trusted systems only by properly configuring firewalls and network policies.
- Monitoring and auditing: Check server logs for any unauthorized access attempts and review configurations for signs of tampering.
- Apply hardening measures:
- Disable the XML-RPC interface if it is not required.
- Apply restrictive firewall rules and isolate the Cobbler server within a secure network zone.
[Callforaction-THREAT-Footer]
