1193681 – (cobbler_path_cnf) AUDIT-FIND: COBBLER- binary path confusion

Bug 1193681 (cobbler_path_cnf) - AUDIT-FIND: COBBLER- binary path confusion

Summary: AUDIT-FIND: COBBLER- binary path confusion

Status:	RESOLVED WONTFIX

Alias:	cobbler_path_cnf

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Enno Gotthold
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	1191952
	Show dependency tree / graph

Clone This Bug

Reported:	2021-12-13 14:33 UTC by Paolo Perego
Modified:	2022-10-17 14:55 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 4 Thomas Leroy 2022-02-08 16:25:56 UTC

@Enno, do you prefer to backport this one as well?

Comment 5 Paolo Perego 2022-02-18 14:43:24 UTC

No fix is necessary. The risk we accept is low and the attacking procedure is so complicated. The attacker needs to be already root on the target machine.

Comment 6 Enno Gotthold 2022-10-17 14:55:54 UTC

As discussed with Paolo, there is no good solution I see that is feasible, so I would prefer to keep this closed.