Risk | Low
Patch available | YES
Number of vulnerabilities | 1
CVE-ID | CVE-2017-2809
CWE-ID | CWE-77
Exploitation vector | Local network
Public exploit | N/A
Vulnerable software | Ansible Vault (Client/Desktop applications / Other client software)
Vendor | Python.org
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU8446
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-2809
CWE-ID: CWE-77 - Command injection
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to execute arbitrary commands on the target system.
The weakness exists in the YAML loading functionality due to improper processing of Yet Another Markup Language (YAML) content: the vault contents are parsed with a loader that honours YAML tags capable of instantiating Python objects. An adjacent attacker can submit a specially crafted vault containing embedded Python code and execute arbitrary commands.
Successful exploitation of the vulnerability results in code execution and system compromise.
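The root cause described above is a YAML loader that constructs Python objects from tags in the document. The following is an added example (it is not code from the advisory or from the ansible-vault project) that puts the vulnerable loading pattern beside the hardened one and adds a pre-load check for PyYAML's python-specific tags. The sample documents are constructed; `yaml.safe_load` comes from the real PyYAML package, which is only needed for the loading functions, not for the tag scan:

```python
"""Unsafe vs. safe YAML loading, with a pre-load tag check (added example)."""
import re

# Constructed sample: a benign vault-style document.
BENIGN_VAULT = "password: s3cret\nuser: deploy\n"

# Constructed samples: documents carrying PyYAML's python-specific tags,
# once in the short "!!python/..." form and once in the verbatim "!<tag:...>"
# form. Both resolve to the same tag namespace.
TAGGED_VAULT = "password: !!python/name:os.sep\n"
VERBATIM_TAGGED_VAULT = "password: !<tag:yaml.org,2002:python/name:os.sep> ''\n"

# A "%TAG" directive could introduce yet another handle for the same
# namespace, so this scan is a logging/pre-filter aid; the mitigation itself
# is using the safe loader, which rejects unknown tags however they are spelt.
PYTHON_TAG = re.compile(r"(?:!!python/|!<tag:yaml\.org,2002:python/)[^\s>]*>?")


def find_python_tags(text):
    """Return (line_number, tag) pairs for every python-specific tag found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in PYTHON_TAG.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits


def is_safe_to_load(text):
    """True when the document carries no python-specific tags."""
    return not find_python_tags(text)


def load_vault_unsafe(text):
    """The vulnerable pattern: the full Loader honours python/... tags and will
    build objects or call functions named in the document. Shown only for
    contrast; never parse untrusted input this way."""
    import yaml  # PyYAML
    return yaml.load(text, Loader=yaml.Loader)


def load_vault(text):
    """The hardened pattern: refuse tagged input up front, then parse with
    yaml.safe_load(). SafeLoader never constructs Python objects from tags, so
    even a tag the regex missed raises yaml.constructor.ConstructorError
    instead of being executed."""
    hits = find_python_tags(text)
    if hits:
        raise ValueError(f"refusing YAML with python-specific tags: {hits}")
    import yaml  # PyYAML; imported here so the tag scan runs without it
    return yaml.safe_load(text)


if __name__ == "__main__":
    for name, doc in [("benign", BENIGN_VAULT),
                      ("tagged", TAGGED_VAULT),
                      ("verbatim", VERBATIM_TAGGED_VAULT)]:
        print(name, "tags:", find_python_tags(doc))
        try:
            print(name, "loaded:", load_vault(doc))
        except (ValueError, ImportError) as exc:
            print(name, "rejected:", exc)
```

Later PyYAML releases changed what `yaml.load()` does without an explicit `Loader`, but `yaml.safe_load()` (or `Loader=yaml.SafeLoader`) has always been the reliable choice for data that crosses a trust boundary; the tag scan is worth keeping only because it yields a clear, loggable reason for the rejection.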
Remediation
Update to version 1.0.5.
https://pypi.python.org/pypi/ansible-vault/1.0.5
Vulnerable software versions
Ansible Vault: 1.0.4
External links
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.