Executive Summary
| Summary | |
|---|---|
| Title | ansible security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2017:0195 | First vendor Publication | 2017-01-25 |
| Vendor | RedHat | Last vendor Modification | 2017-01-25 |
| Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: An update for ansible is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 10.0 - noarch 3. Description: Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.2.1.0). (BZ#1412370) Security Fix(es): * An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges. (CVE-2016-9587) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1404378 - CVE-2016-9587 Ansible: Compromised remote hosts can lead to running commands on the Ansible controller |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2017-0195.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 6 | |
| Application | 1 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-11-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1259.nasl - Type : ACT_GATHER_INFO |
| 2017-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0515.nasl - Type : ACT_GATHER_INFO |
| 2017-02-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0260.nasl - Type : ACT_GATHER_INFO |
| 2017-02-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-77.nasl - Type : ACT_GATHER_INFO |
| 2017-01-26 | Name : The remote Fedora host is missing a security update. File : fedora_2017-418398ce60.nasl - Type : ACT_GATHER_INFO |
| 2017-01-26 | Name : The remote Fedora host is missing a security update. File : fedora_2017-cb88734094.nasl - Type : ACT_GATHER_INFO |
| 2017-01-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a93c3287d8fd11e6be5c001fbc0f280f.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2018-06-06 17:21:18 |
|
| 2018-04-26 09:21:22 |
|
| 2017-01-26 00:21:57 |
|
