~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2014-3225
PublicDate: 2014-05-13
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3225
 https://github.com/cobbler/cobbler/issues/939
Description:
 Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x
 through 2.6.x allows remote authenticated users to read arbitrary files via
 the Kickstart field in a profile.
Ubuntu-Description:
Notes:
 jdstrand> maas-provision in 12.04 is a code copy of cobbler, but with reduced
  features and usage. Only the portions of maas-provision specifically used by
  maas will recieve official support
 jdstrand> maas-provision does not ship web_ui and is therefore not affected
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545583
 https://bugzilla.redhat.com/show_bug.cgi?id=1095844
Priority: medium
Discovered-by:
Assigned-to:

Patches_cobbler:
upstream_cobbler: needs-triage
lucid_cobbler: DNE
precise_cobbler: ignored (reached end-of-life)
precise/esm_cobbler: DNE (precise was needs-triage)
quantal_cobbler: ignored (reached end-of-life)
saucy_cobbler: ignored (reached end-of-life)
trusty_cobbler: needs-triage
utopic_cobbler: ignored (reached end-of-life)
vivid_cobbler: ignored (reached end-of-life)
vivid/stable-phone-overlay_cobbler: DNE
vivid/ubuntu-core_cobbler: DNE
wily_cobbler: ignored (reached end-of-life)
xenial_cobbler: needs-triage
yakkety_cobbler: ignored (reached end-of-life)
zesty_cobbler: needs-triage
devel_cobbler: needs-triage

Patches_maas-provision:
upstream_maas-provision: needs-triage
lucid_maas-provision: DNE
precise_maas-provision: not-affected
precise/esm_maas-provision: DNE (precise was not-affected)
quantal_maas-provision: DNE
saucy_maas-provision: DNE
trusty_maas-provision: DNE
utopic_maas-provision: DNE
vivid_maas-provision: DNE
vivid/stable-phone-overlay_maas-provision: DNE
vivid/ubuntu-core_maas-provision: DNE
wily_maas-provision: DNE
xenial_maas-provision: DNE
yakkety_maas-provision: DNE
zesty_maas-provision: DNE
devel_maas-provision: DNE