CVE-2021-45083
📋 TL;DR
CVE-2021-45083 is a privilege escalation vulnerability in Cobbler where sensitive files containing password hashes and configuration secrets are world-readable. This allows local users with non-privileged access to potentially crack passwords and gain elevated privileges. Systems running Cobbler versions before 3.3.1 are affected.
💻 Affected Systems
- Cobbler
📦 What is this software?
Cobbler by Cobbler Project
Fedora by Fedoraproject
Fedora by Fedoraproject
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Local attacker cracks weak password hashes, gains administrative access to Cobbler, and potentially compromises the entire system management infrastructure.
Likely Case
Local user reads sensitive configuration data and password hashes, enabling privilege escalation within the Cobbler environment.
If Mitigated
With proper file permissions and strong passwords, impact is limited to information disclosure without successful privilege escalation.
🎯 Exploit Status
Exploitation requires local access and involves simple file reading commands. Password cracking depends on password strength.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.3.1
Vendor Advisory: https://github.com/cobbler/cobbler/releases/tag/v3.3.1
Restart Required: No
Instructions:
1. Update Cobbler to version 3.3.1 or later using your package manager. 2. For Red Hat/Fedora: 'sudo dnf update cobbler'. 3. For Debian/Ubuntu: 'sudo apt update && sudo apt install cobbler'. 4. Verify file permissions in /etc/cobbler are properly set.
🔧 Temporary Workarounds
Set proper file permissions
linuxManually change permissions on sensitive files to restrict access to root only
sudo chmod 600 /etc/cobbler/users.digest
sudo chmod 600 /etc/cobbler/settings.yaml
sudo chmod 700 /etc/cobbler
🧯 If You Can't Patch
- Implement strict access controls to limit local user access to Cobbler servers
- Regularly audit and monitor file permissions in /etc/cobbler directory
🔍 How to Verify
Check if Vulnerable:
Check if Cobbler version is below 3.3.1 and verify file permissions: 'ls -la /etc/cobbler/users.digest /etc/cobbler/settings.yaml' - files should not be world-readableCheck Version:
cobbler --version | head -1Verify Fix Applied:
Confirm Cobbler version is 3.3.1+ and verify file permissions are restricted: 'stat -c '%a %n' /etc/cobbler/users.digest /etc/cobbler/settings.yaml' should show 600📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to /etc/cobbler files
- Failed authentication attempts followed by successful privileged access
Network Indicators:
- N/A - This is a local file system vulnerability
SIEM Query:
source="/var/log/secure" AND ("permission denied" OR "access denied") AND "/etc/cobbler"🔗 References
- https://bugzilla.suse.com/show_bug.cgi?id=1193671
- https://github.com/cobbler/cobbler/releases
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/
- https://www.openwall.com/lists/oss-security/2022/02/18/3
- https://bugzilla.suse.com/show_bug.cgi?id=1193671
- https://github.com/cobbler/cobbler/releases
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/
- https://www.openwall.com/lists/oss-security/2022/02/18/3
