OpenSUSE Linux update for ansible



| Updated: 2019-05-15
Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2016-9587
CVE-2017-7466
CVE-2017-7481
CVE-2018-10855
CVE-2018-10875
CVE-2018-16859
CVE-2018-16876
CWE-ID CWE-20
CWE-94
CWE-200
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 SUSE Linux
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU6639

Risk: Medium

CVSSv4.0: 7.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2016-9587,CVE-2017-7466

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing responses, send by clients to Ansible server. A remote client can send a specially crafted response and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 15

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00057.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Improper input validation

EUVDB-ID: #VU6640

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-7481

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing responses for lookup() calls. A remote client can can inject unicode strings which may then be parsed by the jinja2 templating system resulting in code execution.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 15

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00057.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU13542

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-10855

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper honor of the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 15

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00057.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

EUVDB-ID: #VU14158

Risk: Low

CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]

CVE-ID: CVE-2018-10875

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to the system loads inventory variables from the current working directory when running an ad-hoc command. A local attacker can modify the variables and execute arbitrary code from those paths with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 15

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00057.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU16312

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-16859

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker with administrative privileges to obtain potentially sensitive information.

The vulnerability exists due to the plaintext exposure of “become” passwords when Ansible playbooks are executed on a Windows system with PowerShell scriptblock logging and module logging. A local attacker can discover the plaintext password that can be used to conduct further attacks.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 15

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00057.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU16629

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-16876

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to the affected software does not honor the no_log flag for failed tasks with vvv+ mode enabled. A remote attacker can send a specially crafted request to a targeted system via a connection plug-in that is designed to trigger connection exceptions, which could cause task information to be logged and access sensitive information, which could be used to conduct further attacks.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 15

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00057.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###