Fedora EPEL 7 update for ansible
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-8647 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system ansible Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper input validation
EUVDB-ID: #VU7411
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-8647
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to bypass security restrictions on the target system.
The weakness exists due to input validation error in Ansible's mysql_user module that may lead to incorrect password changing. An adjacent attacker can use the previous password and bypass security restrictions.
Successful exploitation of the vulnerability may result in access to the system.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 7
ansible: before 2.2.1.0-1.el7
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-450698b0ed
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
