Synopsis :

The remote service is affected by a command injection vulnerability.

Description :

According to its self-reported version, the Cobbler install on the
remote host is affected by a command injection vulnerability that can
be exploited by sending a specially crafted username or password
argument to the 'power_system' method.

Successful exploitation requires an authenticated user and xmlrpc API
access.

See also :

http://www.nessus.org/u?0c3391f4
https://github.com/cobbler/cobbler/issues/141
https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999

Solution :

Upgrade to the latest developmental version of Cobbler or apply the
fixes manually.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false