Bug 1413581 - CVE-2016-9587 Command execution on Ansible controller from host
Summary: CVE-2016-9587 Command execution on Ansible controller from host
Keywords:
Status: CLOSED DUPLICATE of bug 1412357
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: ansible
Version: epel7
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-16 12:52 UTC by Ruben Püttmann
Modified: 2017-01-16 13:30 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-16 13:30:00 UTC
Type: Bug


Attachments (Terms of Use)

Description Ruben Püttmann 2017-01-16 12:52:09 UTC
Summary: Command execution on Ansible controller from host
  Affected software: Ansible
	        CVE: CVE-2016-9587
      Reference URL: https://www.computest.nl/advisories/
                     CT-2017-0109_Ansible.txt
  Affected versions: < 2.1.4, < 2.2.1

             Credit: Undisclosed at Computest (research@computest.nl)
Date of publication: January 9, 2017

During a summary code review of Ansible, Computest found and exploited several
issues that allow a compromised host to execute commands on the Ansible
controller and thus gain access to the other hosts controlled by that
controller. 

Fixed versions are available from upstream

Comment 1 Andrej Nemec 2017-01-16 13:30:00 UTC

*** This bug has been marked as a duplicate of bug 1412357 ***


Note You need to log in before you can comment on or make changes to this bug.