CVE-2015-6240
Ubuntu Security Notice USN-7330-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
The chroot, jail, and zone connection plugins in Ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
The chroot, jail, and zone connection plugins in Ansible before version 1.9.2 allow local users to escape a restricted environment by means of a symbolic link (symlink) attack.
It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possibly use this issue to spoof SSL servers if they were able to intercept network communications. This issue only affected Ubuntu 14.04 LTS. Martin Carpenter discovered that certain connection plugins for Ansible did not properly restrict users. An attacker with local access could possibly use this issue to escape a restricted environment via symbolic link misuse. This issue only affected Ubuntu 14.04 LTS.
SSVC
- Decision:-
Timeline
- 2015-08-14 CVE Reserved
- 2017-06-07 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
References (5)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/08/17/10 | Mailing List | |
https://bugzilla.redhat.com/show_bug.cgi?id=1243468 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html | Mailing List | |