Bug 1596533 (CVE-2018-10875)
| Summary: | CVE-2018-10875 ansible: ansible.cfg is being read from current working directory allowing possible code execution | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | a.badger, abhgupta, ahardin, aos-bugs, apevec, athmanem, bbuckingham, bcourt, bkearney, bleanhar, bmcclain, ccoleman, chrisw, cpelland, cshereme, dajohnso, dbaker, dbecker, dblechte, dedgar, dfediuck, dmetzger, dominik.mierzejewski, eedri, eparis, gblomqui, gmccullo, gtanzill, jcammara, jfrey, jgoulding, jhardy, jjoyce, jmatthew, jokerman, jprause, jschluet, jupierce, kbasil, kdixon, kdube, kevin, lhh, lpeer, markmc, maxim, mburns, mchappel, mgoldboi, michal.skrivanek, mmccomas, mmccune, mrike, obarenbo, ohadlevy, pcahyna, rbryant, rchan, rhos-maint, rjerrido, roliveri, sbonazzo, sclewis, security-response-team, sherold, simaishi, sisharma, slinaber, smallamp, smunilla, ssaha, sthangav, tcarlin, tdecacqu, tkuratom, trankin, tsanders, tvignaud, vbellur |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | ansible 2.4.6, ansible 2.5.6, ansible 2.6.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-06-10 10:30:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1598803, 1598804, 1598805, 1598806, 1598813, 1598814, 1599297, 1602764, 1602765, 1602766, 1602767, 1607722, 1611793, 1611794, 1611795, 1636193, 1636195 | | |
| Bug Blocks: | 1596534 | | |
Description
Adam Mariš
2018-06-29 08:03:46 UTC
Acknowledgments:

Name: Brian Coca (Red Hat)

s/cam/can/

Created ansible tracking bugs for this issue:

Affects: epel-all [bug 1598806]
Affects: fedora-all [bug 1598805]

This issue has been addressed in the following products:

Red Hat Ansible Engine 2.5 for RHEL 7

Via RHSA-2018:2150 https://access.redhat.com/errata/RHSA-2018:2150

This issue has been addressed in the following products:

Red Hat Ansible Engine 2 for RHEL 7

Via RHSA-2018:2151 https://access.redhat.com/errata/RHSA-2018:2151

This issue has been addressed in the following products:

Red Hat Ansible Engine 2.4 for RHEL 7

Via RHSA-2018:2152 https://access.redhat.com/errata/RHSA-2018:2152

This issue has been addressed in the following products:

Red Hat Ansible Engine 2.6 for RHEL 7

Via RHSA-2018:2166 https://access.redhat.com/errata/RHSA-2018:2166

This issue has been addressed in the following products:

Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2018:2321 https://access.redhat.com/errata/RHSA-2018:2321

Upstream patch: https://github.com/ansible/ansible/pull/42070

This issue has been addressed in the following products:

Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2018:2585 https://access.redhat.com/errata/RHSA-2018:2585

This issue has been addressed in the following products:

Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:0054 https://access.redhat.com/errata/RHSA-2019:0054

Statement:

Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ship the affected version of ansible, but they no longer maintain their own version of ansible. Both products will consume fixes directly from the ansible repository.
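The Doc Text above describes the risk: a config file in the current working directory can redirect the paths Ansible loads plugins and modules from. The following audit script is an added example for defenders, not code from this bug record or from the Ansible project. It reports an `ansible.cfg` in a given directory that overrides path-type `[defaults]` keys, and flags the directory when it is world-writable (my understanding of the upstream mitigation in the fixed versions is that such a config is ignored; the key list and the sample config are assumptions constructed for the demo).

```python
"""Audit a directory for an ansible.cfg that could hijack plugin/module paths.

Added example for CVE-2018-10875, not part of the Bugzilla record or of
Ansible. Affected Ansible versions read ./ansible.cfg from the current working
directory, so a config placed there could point code-loading paths at
attacker-controlled locations. The world-writable check reflects my
understanding of the upstream fix; PATH_KEYS is an assumed list of common
path-type [defaults] keys.
"""
import configparser
import os
import stat
import tempfile

# Assumed list of [defaults] keys whose values are filesystem paths Ansible
# loads code from; each one is a place a cwd config could redirect.
PATH_KEYS = (
    "library", "module_utils", "action_plugins", "callback_plugins",
    "connection_plugins", "filter_plugins", "lookup_plugins",
    "strategy_plugins", "vars_plugins", "inventory_plugins", "roles_path",
)


def is_world_writable(path):
    """True if `path` grants write permission to 'other' (the o+w mode bit)."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def audit_ansible_cfg(directory):
    """Return findings for directory/ansible.cfg as (key, value, reason) tuples.

    An absent config yields an empty list. The directory itself is reported
    first when it is world-writable, since any local user could have planted
    the file there; then every overridden path-type key is reported.
    """
    cfg_path = os.path.join(directory, "ansible.cfg")
    findings = []
    if not os.path.isfile(cfg_path):
        return findings
    if is_world_writable(directory):
        findings.append(("<dir>", directory,
                         "ansible.cfg lives in a world-writable directory"))
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(cfg_path)
    if parser.has_section("defaults"):
        for key in PATH_KEYS:
            if parser.has_option("defaults", key):
                value = parser.get("defaults", key).strip()
                # Relative entries are resolved from the cwd, so an attacker who
                # controls the directory also controls the code found there.
                kind = "relative" if any(
                    not os.path.isabs(os.path.expanduser(p.strip()))
                    for p in value.split(os.pathsep) if p.strip()) else "absolute"
                findings.append((key, value,
                                 "code-loading path overridden by cwd config (%s)" % kind))
    return findings


def demo(world_writable=True, override_paths=True):
    """Write a constructed sample ansible.cfg into a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        body = "[defaults]\nhost_key_checking = False\n"
        if override_paths:
            # Constructed sample values, not taken from any real incident.
            body += "library = ./modules\naction_plugins = ./plugins/action\n"
        with open(os.path.join(d, "ansible.cfg"), "w") as f:
            f.write(body)
        if world_writable:
            os.chmod(d, 0o1777)  # like /tmp: world-writable with sticky bit
        return audit_ansible_cfg(d)


if __name__ == "__main__":
    for key, value, reason in demo():
        print("%-15s %-20s %s" % (key, value, reason))
```

This only inspects the cwd file; Ansible also honours `ANSIBLE_CONFIG`, `~/.ansible.cfg` and `/etc/ansible/ansible.cfg`, so for the effective merged configuration on a host run `ansible-config dump --only-changed` and compare the path keys against what you expect. Running playbooks from a directory you do not own (or a world-writable one) is the condition to avoid; the fixed versions in this bug are the real remedy.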