Hmm, I'm not sure that I would classify a user misconfiguration as a software 
security issue.

    -- Chris

On May 7, 2014, at 4:28 AM, Dolev Farhi <[email protected]> wrote:

> Hello,
>  
> I would like to know whether this issue has been addressed before:
>  
> I have created a regular cobbler profile, nothing fancy.
>  
> The only thing I did differently was changing the ‘Kickstart’ value to the 
> famous /etc/passwd file.
>  
> After saving the profile, I went to ‘View Kickstart’ and managed to get all 
> the passwd content.
>  
> This issue allows any remote attacker to get the local users list and I am 
> quite sure this can be classified as a security vulnerability.
>  
> Please let me know as we have multiple cobbler instances here.
>  
> --
>  
> df
>  
> _______________________________________________
> cobbler mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/cobbler

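For anyone auditing several instances for the configuration described in the thread, the following added example (not part of the thread and not Cobbler's own code) flags profiles whose kickstart value resolves outside a chosen template directory, including through `..` segments and symlinks. The profile dictionaries, the function names and the allowed directory are assumptions constructed for illustration.

```python
import os
import tempfile


def resolve_inside(path, allowed_root):
    """Return the resolved path if it stays under allowed_root, else None."""
    root = os.path.realpath(allowed_root)
    # Relative values are taken relative to the template directory;
    # os.path.join keeps an absolute value unchanged.
    real = os.path.realpath(os.path.join(root, path))
    # commonpath compares whole components, so /srv/ks-evil is not "under" /srv/ks.
    if os.path.commonpath([root, real]) == root:
        return real
    return None


def audit_profiles(profiles, allowed_root):
    """Return (name, kickstart) for every profile whose kickstart escapes allowed_root."""
    findings = []
    for profile in profiles:
        ks = profile.get("kickstart")
        if ks and resolve_inside(ks, allowed_root) is None:
            findings.append((profile["name"], ks))
    return findings


def demo():
    """Run the audit over constructed sample profiles in a temporary template directory."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "default.ks"), "w").close()
        # A symlink inside the template directory that points outside it.
        os.symlink("/etc/passwd", os.path.join(root, "link.ks"))
        profiles = [  # constructed sample data, not real Cobbler output
            {"name": "web", "kickstart": os.path.join(root, "default.ks")},
            {"name": "passwd", "kickstart": "/etc/passwd"},
            {"name": "dotdot", "kickstart": "../../etc/passwd"},
            {"name": "symlink", "kickstart": os.path.join(root, "link.ks")},
            {"name": "relative", "kickstart": "default.ks"},
        ]
        return audit_profiles(profiles, root)


if __name__ == "__main__":
    for name, ks in demo():
        print(f"profile {name!r}: kickstart {ks!r} resolves outside the template directory")
```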