Bugzilla – Bug 1193671
VUL-0: CVE-2021-45083: cobbler, koan: unsafe permissions on sensitive files in /etc/cobbler
Last modified: 2024-01-17 09:24:23 UTC
Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that they can be exposed to an attacker having non-privileged access to the server: * users.digest file contains sha3-512 digest of users in cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. -rw-r--r-- 1 root root 145 Oct 11 09:15 users.digest * settings.yaml file contains secrets like default password: $1$FqgS9DU1$CkJRB3pwDHhqyuV3woTlN0 -rw-r--r-- 1 root root 5051 Dec 13 12:42 /etc/cobbler/settings.yaml
Tracked with CVE-2021-45083 CVSS 8.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) CRD 2022-02-16 or earlier
(In reply to Enno Gotthold from comment #4) > You are absolutely right. It has always been like this. However some > codestreams only use the client part of Cobbler (Koan) and the server part > is a more recent version. This requires domain knowledge sadly for the > specific products. Koan is shipped in the following packages: - openSUSE:Factory - SUSE:SLE-15:Update - SUSE:SLE-15:Update:Products:ManagerToolsBeta:Update I checked in the sources of these codestreams (all version 3.0.1), and there is no sign of '/etc/cobbler/settings' or 'users.digest' or any variant. So the vulnerable code present in Cobbler is not present is the version of Koan shipped, So Koan is not affected. However, as you confirmed Enno, Cobbler has always created those files as world readable, so the following codestreams should be affected: - SUSE:SLE-11-SP3:Update/cobbler 2.2.2-0.68.12.1 - SUSE:SLE-11-SP3:Update:Products:ManagerToolsBeta:Update/cobbler n/a - SUSE:SLE-12:Update/cobbler 2.6.6-49.14.1 - SUSE:SLE-12:Update:Products:ManagerToolsBeta:Update/cobbler n/a - SUSE:SLE-15-SP2:Update:Products:Manager41:Update/cobbler 3.0.0+git20190806.32c4bae0-5.14.1 - SUSE:SLE-15-SP3:Update:Products:Manager42:Update/cobbler n/a - SUSE:SLE-15-SP4:Update:Products:Manager43:Update/cobbler n/a
The following openSUSE codestreams should also be affected: - openSUSE:Factory/cobbler - openSUSE:Backports:SLE-15-SP3/cobbler - openSUSE:Backports:SLE-15-SP4:Update/cobbler
Issue is now public after fixes submission
This is an autogenerated message for OBS integration: This bug (1193671) was mentioned in https://build.opensuse.org/request/show/955837 Backports:SLE-15-SP3 / cobbler
SUSE-SU-2022:14891-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1193671,1195906 CVE References: CVE-2021-45083 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (src): cobbler-2.2.2-0.68.15.1 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (src): cobbler-2.2.2-0.68.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0510-1: An update that solves two vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 1193671,1193673,1193675,1193676,1193678,1195906,1195918 CVE References: CVE-2021-45082,CVE-2021-45083 JIRA References: Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src): cobbler-3.0.0+git20190806.32c4bae0-8.22.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0509-1: An update that solves two vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 1193671,1193673,1193675,1193676,1193678,1195906,1195918 CVE References: CVE-2021-45082,CVE-2021-45083 JIRA References: Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (src): cobbler-3.1.2-150300.5.14.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0507-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1193671,1195906 CVE References: CVE-2021-45083 JIRA References: Sources used: SUSE OpenStack Cloud 9 (src): cobbler-2.6.6-49.35.1 SUSE OpenStack Cloud 8 (src): cobbler-2.6.6-49.35.1 SUSE Manager Tools 12 (src): cobbler-2.6.6-49.35.1 HPE Helion Openstack 8 (src): cobbler-2.6.6-49.35.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0062-1: An update that solves 6 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 1184561,1185679,1186124,1189458,1193671,1193673,1193675,1193676,1193678,1194333,1195906,1195918 CVE References: CVE-2021-40323,CVE-2021-40324,CVE-2021-40325,CVE-2021-45082,CVE-2021-45083,CVE-2021-45942 JIRA References: Sources used: openSUSE Leap 15.3 (src): openexr-2.2.1-3.41.1 openSUSE Backports SLE-15-SP3 (src): cobbler-3.1.2-bp153.2.3.1
SUSE-FU-2022:0750-1: An update that solves one vulnerability, contains one feature and has 8 fixes is now available. Category: feature (moderate) Bug References: 1097531,1181400,1190462,1190781,1193357,1193565,1193671,1194363,1195906 CVE References: CVE-2021-45083 JIRA References: SLE-22863 Sources used: SUSE Manager Tools 12-BETA (src): cobbler-2.6.6-52.12.1, golang-github-prometheus-prometheus-2.32.1-4.24.1, mgr-cfg-4.3.4-4.21.1, salt-3000-53.5.1, spacecmd-4.3.7-41.33.1, spacewalk-client-tools-4.3.6-55.39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.