Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1388113 - (CVE-2016-8628) CVE-2016-8628 ansible: Command injection by compromised server via fact variables
CVE-2016-8628 ansible: Command injection by compromised server via fact varia...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20161101,repor...
: Reopened, Security
Depends On: 1390646 1390647 1390648 1390649 1390681 1396333
Blocks: 1388114
  Show dependency treegraph
 
Reported: 2016-10-24 09:37 EDT by Adam Mariš
Modified: 2018-07-31 14:50 EDT (History)
46 users (show)

See Also:
Fixed In Version: Ansible 2.2.0
Doc Type: If docs needed, set a value
Doc Text:
Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-12-15 00:30:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2778 normal SHIPPED_LIVE Moderate: atomic-openshift-utils security and bug fix update 2016-11-15 19:08:29 EST

  None (edit)
Description Adam Mariš 2016-10-24 09:37:25 EDT 
It was found that it's possible to inject code and gain remote code execution via setting ansible_ssh_executable variable by attacker that takes over of controlled server.
Comment 1 Adam Mariš 2016-10-24 09:37:55 EDT 
Acknowledgments:

Name: Michael Scherer (Red Hat)
Comment 2 Kurt Seifried 2016-11-01 11:23:05 EDT 
Created ansible1.9 tracking bugs for this issue:

Affects: fedora-all [bug 1390647]
Affects: epel-all [bug 1390649]
Comment 3 Kurt Seifried 2016-11-01 11:23:26 EDT 
Created ansible tracking bugs for this issue:

Affects: fedora-all [bug 1390646]
Affects: epel-all [bug 1390648]
Comment 4 Kurt Seifried 2016-11-01 11:28:46 EDT 
This issue is addressed in Ansible 2.2.0 available at:

https://github.com/ansible/ansible/releases/tag/v2.2.0.0-1
Comment 5 Kurt Seifried 2016-11-01 11:34:58 EDT 
Downgrading this issue from High to Medium as it requires a compromised server in order to exploit a client.
Comment 8 Kurt Seifried 2016-11-14 13:24:00 EST 
Updated affects, 1.9 is not affected.
Comment 9 errata-xmlrpc 2016-11-15 14:09:59 EST 
This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 3.2
  Red Hat OpenShift Container Platform 3.3

Via RHSA-2016:2778 https://access.redhat.com/errata/RHSA-2016:2778
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.