marking wontfix as per discussion
** Changed in: cobbler (Ubuntu)
Status: Triaged => Won't Fix
** Changed in: cobbler (Ubuntu)
Milestone: quantal-alpha-3 => None
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is a bug assignee.
Will it be fixed in the Ubuntu 12.04 release, because it is an important security
issue??
It is a security issue!!
https://bugs.launchpad.net/bugs/858867
Title:
XMLRPC allows unauthed users
This is not an issue that will be closed as described, as many do not
feel that it is something that is worthy of significant work. We would be
happy to sponsor a patch, which exposes this as an option to disable..
but it's not something that will be driven by those currently involved.
I am sorry if
** Changed in: cobbler (Ubuntu Quantal)
Status: Triaged => Won't Fix
This bug was fixed in the package cobbler - 2.2.2-0ubuntu36
---
cobbler (2.2.2-0ubuntu36) quantal; urgency=low
* debian/README.Debian: Add Warning note mentioning that XMLRPC API allows
unauthenticated access to certain API methods. (LP: #858867)
-- Andres Rodriguez
** Branch linked: lp:ubuntu/cobbler
https://bugs.launchpad.net/bugs/858867
Title:
XMLRPC allows unauthed users access to various methods (which it
shouldn't)
Notes from today's IRC meeting:
Launchpad bug 858867 in cobbler (Ubuntu Quantal) XMLRPC allows unauthed users
access to various methods (which it shouldn't) [Medium,Triaged]
https://launchpad.net/bugs/858867
jamespage o/
I second smoser's opinion on this bug
it's never going to be fixed - so
** Changed in: cobbler (Ubuntu Quantal)
Assignee: Ubuntu Server Team (ubuntu-server) => Andres Rodriguez
(andreserl)
In my opinion as the maintainer, this is not a bug and will not be fixed
upstream. Any functions that modify data require a login, and certain
functions (like those performed by koan) require access to the XMLRPC
endpoint without a login or access to the token stored locally for the
CLI. At no
Given James' and Daviey's comments above, I think we should just let this be.
It's more likely that sensitive information would live in the kickstart files
(url=) which are not protected at all either.
Is there some appropriate way to document this and close it as such?
Daviey: Can we get a status update on this one? are you guys still
planning on having it fixed for the point release?
** Changed in: cobbler (Ubuntu Quantal)
Status: Confirmed => Triaged
** Changed in: cobbler (Ubuntu Precise)
Status: Confirmed => Triaged
** Changed in: cobbler
** Also affects: cobbler (Ubuntu Quantal)
Importance: Medium
Assignee: Ubuntu Server Team (ubuntu-server)
Status: Confirmed
** Changed in: cobbler (Ubuntu Quantal)
Milestone: quantal-alpha-2 => quantal-alpha-3
** Changed in: cobbler (Ubuntu)
Milestone: quantal-alpha-1 => quantal-alpha-2
** Changed in: cobbler (Ubuntu Precise)
Milestone: ubuntu-12.04 => ubuntu-12.04.1
** Changed in: cobbler (Ubuntu)
Milestone: ubuntu-12.04 => quantal-alpha-1
** Changed in: cobbler (Ubuntu Precise)
Milestone: ubuntu-12.04-beta-2 => ubuntu-12.04
** Changed in: cobbler (Ubuntu)
Milestone: ubuntu-12.04-beta-1 => ubuntu-12.04-beta-2
** Changed in: cobbler (Ubuntu)
Milestone: precise-alpha-2 => ubuntu-12.04-beta-1
updating milestone, since it wasn't released as part of alpha-1
** Changed in: cobbler (Ubuntu Precise)
Milestone: precise-alpha-1 => precise-alpha-2
** Tags added: rls-mgr-p-trackign
** Tags removed: rls-mgr-p-trackign
** Tags added: rls-mgr-p-tracking
** Changed in: cobbler (Ubuntu Oneiric)
Assignee: (unassigned) => Ubuntu Server Team (ubuntu-server)
** Changed in: cobbler (Ubuntu Precise)
Assignee: (unassigned) => Ubuntu Server Team (ubuntu-server)
Right - well the impact / if this is even a security bug is going to
be up to the user. Personally, I don't see why the methods are exposed
without good reason - is it a requirement that they are exposed?
Confirmed, with the following. Marking medium, and tagging as a
security bug. I'm not certain it exposes credentials, or anything else
highly privileged. If this is not the case, please update the bug with
an example.
Thanks.
#!/usr/bin/python
import xmlrpclib
server =
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
** Changed in: cobbler (Ubuntu)
Importance: Undecided => High