Bug 1413581 - CVE-2016-9587 Command execution on Ansible controller from host
Summary: CVE-2016-9587 Command execution on Ansible controller from host
Status: CLOSED DUPLICATE of bug 1412357
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: ansible
Version: epel7
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2017-01-16 12:52 UTC by Ruben Püttmann
Modified: 2017-01-16 13:30 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-01-16 13:30:00 UTC
Type: Bug

Attachments (Terms of Use)

Description Ruben Püttmann 2017-01-16 12:52:09 UTC
Summary: Command execution on Ansible controller from host
  Affected software: Ansible
	        CVE: CVE-2016-9587
      Reference URL: https://www.computest.nl/advisories/
  Affected versions: < 2.1.4, < 2.2.1

             Credit: Undisclosed at Computest (research)
Date of publication: January 9, 2017

During a summary code review of Ansible, Computest found and exploited several
issues that allow a compromised host to execute commands on the Ansible
controller and thus gain access to the other hosts controlled by that

Fixed versions are available from upstream

Comment 1 Andrej Nemec 2017-01-16 13:30:00 UTC

*** This bug has been marked as a duplicate of bug 1412357 ***

Note You need to log in before you can comment on or make changes to this bug.