SB2018080407 - Privilege escalation in ansible (Alpine package)
Published: August 4, 2018
Security Bulletin ID
SB2018080407
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Privilege escalation (CVE-ID: CVE-2018-10875)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to the system loads inventory variables from the current working directory when running an ad-hoc command. A local attacker can modify the variables and execute arbitrary code from those paths with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.