Multiple vulnerabilities in Ansible
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2014-4658 CVE-2014-4659 CVE-2014-4660 |
| CWE-ID | CWE-200 CWE-522 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ansible Server applications / Remote management servers, RDP, SSH |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU30355
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-4658
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
MitigationInstall update from vendor's website.
Vulnerable software versionsAnsible: 1.5.0 - 1.5.4
External linkshttp://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
http://www.securityfocus.com/bid/68233
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficiently protected credentials
EUVDB-ID: #VU30356
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-4659
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
MitigationInstall update from vendor's website.
Vulnerable software versionsAnsible: 1.5.0 - 1.5.4
External linkshttp://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
http://www.securityfocus.com/bid/68234
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insufficiently protected credentials
EUVDB-ID: #VU30358
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-4660
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.
MitigationInstall update from vendor's website.
Vulnerable software versionsAnsible: 1.5.0 - 1.5.4
External linkshttp://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md
http://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
http://security-tracker.debian.org/tracker/CVE-2014-4660
http://www.openwall.com/lists/oss-security/2014/06/26/19
http://www.securityfocus.com/bid/68231
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
