CVE-2016-9587 – Ansible 2.1.4/2.2.1 - Command Execution
https://notcve.org/view.php?id=CVE-2016-9587
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. Ansible, en versiones anteriores a la 2.1.4 y la 2.2.1, es vulnerable a una validación de entradas incorrecta en la gestión de Ansible de datos enviados desde los sistemas de clientes. Un atacante que tenga el control de un sistema de cliente gestionado por Ansible y la capacidad de enviar hechos de vuelta al servidor de Ansible podría usar este error para ejecutar código arbitrario en el servidor de Ansible utilizando los privilegios del servidor de Ansible. An input validation vulnerability was found in Ansible's handling of data sent from client systems. • https://www.exploit-db.com/exploits/41013 http://rhn.redhat.com/errata/RHSA-2017-0195.html http://rhn.redhat.com/errata/RHSA-2017-0260.html http://www.securityfocus.com/bid/95352 https://access.redhat.com/errata/RHSA-2017:0448 https://access.redhat.com/errata/RHSA-2017:0515 https://access.redhat.com/errata/RHSA-2017:1685 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587 https://security.gentoo.org/glsa/201701-77 https://access.redhat.com/security/cve/C • CWE-20: Improper Input Validation •
CVE-2016-8628 – ansible: Command injection by compromised server via fact variables
https://notcve.org/view.php?id=CVE-2016-8628
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. Ansible en versiones anteriores a la 2.2.0 no sanea correctamente las variables de hecho enviadas desde el controlador de Ansible. Un atacante que pueda crear variables especiales en el controlador podría ejecutar comandos arbitrarios en los clientes de Ansible como el usuario como el que se ejecuta Ansible. Ansible fails to properly sanitize fact variables sent from the Ansible controller. • http://www.securityfocus.com/bid/94109 https://access.redhat.com/errata/RHSA-2016:2778 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628 https://access.redhat.com/security/cve/CVE-2016-8628 https://bugzilla.redhat.com/show_bug.cgi?id=1388113 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-3096
https://notcve.org/view.php?id=CVE-2016-3096
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. La función create_script en el módulo lxc_container en Ansible en versiones anteriores a 1.9.6-1 y 2.x en versiones anteriores a 2.0.2.0 permite a usuarios locales escribir en archivos arbitrarios u obtener privilegios a través de un ataque de enlace simbólicos en (1) /opt/.lxc-attach-script, (2) el contenedor archived en el directorio archive_path, o el (3) lxc-attach-script.log o (4) lxc-attach-script.err files en el directorio temporal. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html https://bugzilla.redhat.com/show_bug.cgi?id=1322925 https://github.com/ansible/ansible-modules-extras/pull/1941 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2015-3908
https://notcve.org/view.php?id=CVE-2015-3908
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Vulnerabilidad en Ansible en versiones anteriores a 1.9.2, no verifica que el hostname del servidor coincida con un nombre de dominio en el Common Name (CN) del sujeto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle suplantar servidores SSL a través de un certificado arbitrario válido. • http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html http://www.ansible.com/security http://www.openwall.com/lists/oss-security/2015/07/14/4 https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2014-4678
https://notcve.org/view.php?id=CVE-2014-4678
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. La función safe_eval en Ansible versiones anteriores a 1.6.4, no restringe apropiadamente el subconjunto de códigos, lo que permite a atacantes remotos ejecutar código arbitrario por medio de instrucciones diseñadas. NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta del CVE-2014-4657. • https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916 https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ https://security-tracker.debian.org/tracker/CVE-2014-4678 https://www.openwall.com/lists/oss-security/2014/06/26/30 https://www.openwall.com/lists/oss-security/2014/07/02/2 https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5 https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •