UBUNTU-CVE-2012-2395

Source
https://ubuntu.com/security/CVE-2012-2395
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2395.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2012-2395
Upstream
  • CVE-2012-2395
Withdrawn
2025-07-18T16:42:46Z
Published
2012-06-16T00:55:00Z
Modified
2025-07-16T07:30:55.518058Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

Incomplete blacklist vulnerability in actionpower.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the powersystem method in the xmlrpc API.

References

Affected packages

Ubuntu:14.04:LTS / cobbler

Package

Name
cobbler
Purl
pkg:deb/ubuntu/cobbler@2.4.1-0ubuntu2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.1-0ubuntu2

Affected versions

2.*
2.4.0-0ubuntu4
2.4.1-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "cobbler"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "cobbler-common"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "cobbler-web"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "koan"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "python-cobbler"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "python-koan"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2395.json"

Ubuntu:16.04:LTS / cobbler

Package

Name
cobbler
Purl
pkg:deb/ubuntu/cobbler@2.4.1-0ubuntu2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.1-0ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "cobbler"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "cobbler-common"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "cobbler-web"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "koan"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "python-cobbler"
        },
        {
            "binary_version": "2.4.1-0ubuntu2",
            "binary_name": "python-koan"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2395.json"