Command injection in Ansible Vault

#VU8446 Command injection in Ansible Vault

Published: 2017-09-15

Vulnerability identifier: #VU8446

Vulnerability risk: Low

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-2809

CWE-ID: CWE-77

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Ansible Vault
Client/Desktop applications / Other client software

Vendor: Python.org

Description
The vulnerability allows an adjacent attacker to execute arbitrary commands on the target system.

The weakness exists in the yaml loading functionality due to improper processing of Yet Another Markup Language (YAML) content. An adjacent attacker can submit a specially crafted vault containing embedded Python code, and execute arbitrary commands.

Successful exploitation of the vulnerability results in code execution and system compromise.

Mitigation
Update to version 1.0.5.
https://pypi.python.org/pypi/ansible-vault/1.0.5

Vulnerable software versions

Ansible Vault: 1.0.4

External links
http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Arbitrary code execution in Python Ansible Vault