SB2018071031 - Red Hat update for ansible 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018071031

SB2018071031 - Red Hat update for ansible

Published: July 10, 2018

Security Bulletin ID SB2018071031
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2018-10874)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to the system reads the 'ansible.cfg' file from the current working directory when running an ad-hoc command. A local attacker can modify the file to reference arbitrary plugin or module paths and execute arbitrary code from those paths with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Privilege escalation (CVE-ID: CVE-2018-10875)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to the system loads inventory variables from the current working directory when running an ad-hoc command. A local attacker can modify the variables and execute arbitrary code from those paths with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References