Project

General

Profile

Bug #6782

ansible: host to controller command execution vulnerability (CVE-2016-9587)

Added by Alicha CH over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
01/31/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed
by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges.

Fixed in:

Ansible 2.2.1, and 2.1.4

References:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846


Subtasks

Bug #6783: [3.5] ansible: host to controller command execution vulnerability (CVE-2016-9587)Closed

Bug #6784: [3.4] ansible: host to controller command execution vulnerability (CVE-2016-9587)Closed

History

#1 Updated by Alicha CH over 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF