Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.