SB2019062713 - OpenSUSE Linux update for ansible

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019062713

SB2019062713 - OpenSUSE Linux update for ansible

Published: June 27, 2019

Security Bulletin ID SB2019062713
CSH Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-16837)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Ansible "User" module exposes data passed as parameter to ssh-keygen. A local user with ability to view process list can obtain sensitive information.


2) Information disclosure (CVE-ID: CVE-2018-16859)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker with administrative privileges to obtain potentially sensitive information.

The vulnerability exists due to the plaintext exposure of “become” passwords when Ansible playbooks are executed on a Windows system with PowerShell scriptblock logging and module logging. A local attacker can discover the plaintext password that can be used to conduct further attacks.


3) Information disclosure (CVE-ID: CVE-2018-16876)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to the affected software does not honor the no_log flag for failed tasks with vvv+ mode enabled. A remote attacker can send a specially crafted request to a targeted system via a connection plug-in that is designed to trigger connection exceptions, which could cause task information to be logged and access sensitive information, which could be used to conduct further attacks.


4) Path traversal (CVE-ID: CVE-2019-3828)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and copy and overwrite files outside of the specified destination in the local ansible controller host.


Remediation

Install update from vendor's website.

References