Bug 1404378 (CVE-2016-9587)
| Field | Value |
|---|---|
| Summary | CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Kurt Seifried <kseifried> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| CC | abutcher, apevec, bleanhar, bmcclain, btotty, carnil, ccoleman, chrisw, cvsbot-xmlrpc, dblechte, dedgar, dmcphers, eedri, esiskonen, gmollett, jcammara, jgoulding, jialiu, jjoyce, jkeck, jlaska, jmckerr, joelsmith, jokerman, jonathan.moore, josborne, jschluet, kbasil, kdreyer, lhh, lmeyer, lpeer, markmc, mgoldboi, michal.skrivanek, mmccomas, notting, rbryant, rcyriac, rhos-maint, sbonazzo, sclewis, sdodson, security-response-team, sgirijan, sisharma, slinaber, slong, ssaha, tdawson, tdecacqu, tvignaud, vbellur, ykaul |
| Keywords | Security |
| Target Milestone | --- |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Fixed In Version | ansible 2.1.4, ansible 2.2.1 |
| Doc Type | If docs needed, set a value |
| Doc Text | An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. |
| Story Points | --- |
| Last Closed | 2019-06-08 03:04:22 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 1410667, 1410669, 1412356, 1412357, 1412370, 1412371, 1427654, 1427655, 1427656, 1447506 |
| Bug Blocks | 1404380, 1410660, 1415044, 1456591 |

Description
Kurt Seifried
2016-12-13 17:06:51 UTC
Verified attack vectors across devel branch/2.2/2.1 and have created private branches to address the issue across these versions. Due to the holidays, we will hold off on disclosing the vulnerability and will release new candidate versions for stable-2.1 and stable-2.2 branches (2.1.4 RC1 and 2.2.1 RC3 respectively) ASAP in early January. I've attached the original reporter's research and findings.

Created attachment 1234010
Computest's original findings, code and reporting.

Ansible 2.2.1 RC3 and 2.1.4 RC1 were released today, which contain fixes for the security bugs above.

We need Fedora and EPEL tracking bugs for this.

Created ansible tracking bugs for this issue:
Affects: fedora-all [bug 1412356]
Affects: epel-all [bug 1412357]

v2.2.1.0 was released upstream today and fixes this bug.

This issue has been addressed in the following products:
Red Hat OpenStack Platform 10.0 (Newton)
Via RHSA-2017:0195 https://rhn.redhat.com/errata/RHSA-2017-0195.html

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.1 for RHEL 7
Via RHSA-2017:0260 https://rhn.redhat.com/errata/RHSA-2017-0260.html

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 3.2
Red Hat OpenShift Container Platform 3.3
Red Hat OpenShift Container Platform 3.4
Via RHSA-2017:0448 https://access.redhat.com/errata/RHSA-2017:0448

This issue has been addressed in the following products:
Red Hat Storage Console 2 for Red Hat Enterprise Linux 7
Via RHSA-2017:0515 https://access.redhat.com/errata/RHSA-2017:0515

This issue has been addressed in the following products:
RHEV Engine version 4.1
Via RHSA-2017:1685 https://access.redhat.com/errata/RHSA-2017:1685