[Bug 858867] Re: XMLRPC allows unauthed users access to various methods (which it shouldn't)
Dave Walker
davewalker at ubuntu.com
Sun Oct 9 22:32:23 UTC 2011
Confirmed, with the following. Marking medium, and tagging as a
security bug. I'm not certain it exposes credentials, or anything else
highly privileged. If this is not the case, please update the bug with
an example.
Thanks.

#!/usr/bin/python
import xmlrpclib

server = xmlrpclib.Server("http://127.0.0.1/cobbler_api")
print server.get_distros()
print server.get_profiles()
print server.get_systems()
print server.get_images()
print server.get_repos()

** Changed in: cobbler (Ubuntu)
Importance: High => Medium
** Also affects: cobbler (Ubuntu Oneiric)
Importance: Medium
Status: New
** Also affects: cobbler (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: cobbler (Ubuntu Oneiric)
Status: New => Confirmed
** Changed in: cobbler (Ubuntu Precise)
Status: New => Confirmed
** Changed in: cobbler (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: cobbler (Ubuntu Oneiric)
Milestone: None => oneiric-updates
** Changed in: cobbler (Ubuntu Precise)
Milestone: None => precise-alpha-1
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/858867
Title:
XMLRPC allows unauthed users access to various methods (which it
shouldn't)
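
A deny-by-default XML-RPC dispatcher that rejects calls like the ones in the script above unless they carry a valid token, as an added example that is not part of the original message and is not Cobbler's code. The `TokenDispatcher` class, the `call` helper, the fault codes, the credentials and the sample data are all constructed for illustration (Python 3 standard library).

```python
import secrets
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

# Constructed sample data and credentials (assumptions, not Cobbler's).
DISTROS = [{"name": "example-distro"}]
USERS = {"admin": "constructed-password"}
PUBLIC_METHODS = {"login"}  # every other method needs a token


class TokenDispatcher(SimpleXMLRPCDispatcher):
    """Hypothetical dispatcher: the first parameter must be a valid token."""

    def __init__(self):
        super().__init__(allow_none=True)
        self._tokens = set()
        self._methods = {"login": self._login, "get_distros": lambda: DISTROS}

    def _login(self, user, password):
        expected = USERS.get(user)
        if expected is None or not secrets.compare_digest(
                expected.encode(), password.encode()):
            raise xmlrpc.client.Fault(401, "login failed")
        token = secrets.token_urlsafe(32)
        self._tokens.add(token)
        return token

    def _dispatch(self, method, params):
        # Only explicitly registered methods are reachable at all.
        handler = self._methods.get(method)
        if handler is None:
            raise xmlrpc.client.Fault(404, "unknown method")
        if method in PUBLIC_METHODS:
            return handler(*params)
        # Authorization happens here, once, before any handler runs.
        if not params or not isinstance(params[0], str) \
                or params[0] not in self._tokens:
            raise xmlrpc.client.Fault(401, "authentication required: " + method)
        return handler(*params[1:])


def call(dispatcher, method, *params):
    """Round-trip one request through the XML-RPC wire format, in process."""
    request = xmlrpc.client.dumps(params, methodname=method).encode()
    response = dispatcher._marshaled_dispatch(request)
    # loads() raises xmlrpc.client.Fault if the server answered with a fault.
    return xmlrpc.client.loads(response)[0][0]
```

Because the check lives in `_dispatch`, a newly registered method is protected unless it is deliberately added to `PUBLIC_METHODS`.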