Bug 678433 (CVE-2011-1550) - VUL-1: CVE-2011-1550: cobbler: logrotate: issues with service owned directories
Status: RESOLVED FIXED
Alias: CVE-2011-1550
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2011-07-06
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:11.4:39880 maint:rele...
Keywords:
Depends on:
Blocks: CVE-2011-1098
Reported: 2011-03-10 09:25 UTC by Ludwig Nussel
Modified: 2016-10-26 19:56 UTC (History)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Ludwig Nussel 2011-03-10 09:25:49 UTC
Your friendly security team received the following report.
Please respond ASAP.

cobbler is affected by bug #677335,
please refer to the discussion there for details.
Comment 1 Swamp Workflow Management 2011-03-10 13:35:51 UTC
The SWAMPID for this issue is 39285.
This issue was rated as moderate.
Please submit fixed packages until 2011-03-24.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 12 Ludwig Nussel 2011-04-01 08:34:20 UTC
CVE-2011-1551
Comment 13 Ludwig Nussel 2011-04-01 08:40:47 UTC
CVE-2011-1550 for the logrotate issue; CVE-2011-1551 refers to the issue of cobbler running as root itself and accessing the wwwrun-owned dirs.
Comment 14 Swamp Workflow Management 2011-04-01 11:16:11 UTC
Update released for: cobbler, cobbler-web, koan
Products:
openSUSE 11.4 (i586, x86_64)
Comment 15 Thomas Biege 2011-05-03 14:13:15 UTC
p5->p3 mass change
Comment 16 Swamp Workflow Management 2011-06-08 19:11:17 UTC
The SWAMPID for this issue is 41525.
This issue was rated as low.
Please submit fixed packages until 2011-07-06.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/41525
Comment 17 Swamp Workflow Management 2011-07-21 16:08:41 UTC
Update released for: cobbler, cobbler-web, koan
Products:
SLE-SERVER 11-SP1-CLIENT-TOOLS (i386, ia64, ppc64, s390x, x86_64)
Comment 18 Swamp Workflow Management 2011-07-22 11:26:57 UTC
Update released for: cobbler, cobbler-debug, cobbler-web, koan
Products:
RES 5-CLIENT-TOOLS (i386, x86_64)
Comment 19 Swamp Workflow Management 2011-07-22 11:27:16 UTC
Update released for: cobbler, cobbler-debug, cobbler-web, koan
Products:
RES 6-CLIENT-TOOLS (i386, x86_64)
Comment 20 Marcus Meissner 2011-07-29 13:27:50 UTC
seems to be released