Improper input validation in Red Hat OpenShift Container Platform - CVE-2016-9587,CVE-2017-7466

 

Published: May 17, 2017 / Updated: September 14, 2018


Vulnerability identifier: #VU6639
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2016-9587,CVE-2017-7466
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability: Public exploit is available
Vendor: Red Hat Inc.
Affected software:
Red Hat OpenShift Container Platform

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing responses sent by clients to the Ansible server. A remote client can send a specially crafted response and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


How to mitigate CVE-2016-9587,CVE-2017-7466

Install the update from the vendor's repository.

Red Hat OpenShift Container Platform 3.5

SRPM
ansible-2.2.3.0-1.el7.src.rpm SHA-256: 988c92cd44be55653d279f84a5d97d2431c86a71385371f49cbb4f3848baff48
openshift-ansible-3.5.71-1.git.0.128c2db.el7.src.rpm SHA-256: 7072e36afb768955c2eae3c1fd0bc0b6fdac64a89a9d7b48a5fe3520684d1970
x86_64
ansible-2.2.3.0-1.el7.noarch.rpm SHA-256: 9fe1329c586a25834627eecff63db5b2fec5fbe1305eff434b3155ee81cb957f
atomic-openshift-utils-3.5.71-1.git.0.128c2db.el7.noarch.rpm SHA-256: a9c98e86ee8e874620923afb237e332dc748229d5491f2ba840b93900bb97116
openshift-ansible-3.5.71-1.git.0.128c2db.el7.noarch.rpm SHA-256: 37be7b3ac39e46ae43e07b32bbadb0b39a66431463a7311c03bd45586fbec35f
openshift-ansible-callback-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm SHA-256: 392751f8f044ed723aab6bbb6d4351792a1f9ae09b100f80bdfa33157b401a39
openshift-ansible-docs-3.5.71-1.git.0.128c2db.el7.noarch.rpm SHA-256: 1ae22cbee56abf480895920f62304ce5fd64636d2723a5dd822366b8c61115c5
openshift-ansible-filter-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm SHA-256: acab7b9c30266fdb4b0117141ea7773b7f523446e95fe54c879162ea753d0add
openshift-ansible-lookup-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm SHA-256: fcba26f0930deef14bb0011b991b4f5155a1dfb441922fa1acef18fdb3581122
openshift-ansible-playbooks-3.5.71-1.git.0.128c2db.el7.noarch.rpm SHA-256: 3ff38bfd65af83de74e81ecbc082a06171ae50c2a7177ba5fd67898a549bc8eb
openshift-ansible-roles-3.5.71-1.git.0.128c2db.el7.noarch.rpm SHA-256: 78eba5ca0ae40839eb156c4483c9806bb5587c3663ea3f863c19c6cbe0a49e3d

Red Hat OpenShift Container Platform 3.4

SRPM
ansible-2.2.3.0-1.el7.src.rpm SHA-256: 988c92cd44be55653d279f84a5d97d2431c86a71385371f49cbb4f3848baff48
openshift-ansible-3.4.89-1.git.0.ac29ce8.el7.src.rpm SHA-256: e6edd94419288019ef93569f6a0eddb74cf5a93b17fdffca0cabd2313813d56f
x86_64
ansible-2.2.3.0-1.el7.noarch.rpm SHA-256: 9fe1329c586a25834627eecff63db5b2fec5fbe1305eff434b3155ee81cb957f
atomic-openshift-utils-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm SHA-256: 1f37982a80885b4c15152a417a9e6c20d446951107808311aba6f1d1624b3148
openshift-ansible-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm SHA-256: 36db61a640533927db9a4fc57f2a594e3a711cc4489922491fcaedd0e0a5fef1
openshift-ansible-callback-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm SHA-256: 15b17e88aebe82f1b8ee4a66f0ae6c4df7ef2e0883271f649413f59860f390b8
openshift-ansible-docs-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm SHA-256: a1b825d5c540ce15d24a5372a2557a43a6ea4ce1fba436f5d744fd1110f06971
openshift-ansible-filter-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm SHA-256: a9f2f618d36645e958d28da173c2a04202b6c8b76c58e2bf3716b8999a7604b2
openshift-ansible-lookup-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm SHA-256: 70c2ff5d078f7be355952b5fe4583f7da7c6401bffcc07ec5069edd1c630b756
openshift-ansible-playbooks-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm SHA-256: fc91ec9e4b13ba8811b04f582b0fbfb99bdf0f767df0ea0ea0869a9557f66ab6
openshift-ansible-roles-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm SHA-256: a082eb3b744f354d3f94b8a0c36fac71f3a1e5d580b89bad0dcc909b7c3e310c

Red Hat OpenShift Container Platform 3.3

SRPM
ansible-2.2.3.0-1.el7.src.rpm SHA-256: 988c92cd44be55653d279f84a5d97d2431c86a71385371f49cbb4f3848baff48
openshift-ansible-3.3.82-1.git.0.af0c922.el7.src.rpm SHA-256: 33938512c015d682f233fdf03f967c2158a0ff1bff45bbaad53c3aaefefe5eb5
x86_64
ansible-2.2.3.0-1.el7.noarch.rpm SHA-256: 9fe1329c586a25834627eecff63db5b2fec5fbe1305eff434b3155ee81cb957f
atomic-openshift-utils-3.3.82-1.git.0.af0c922.el7.noarch.rpm SHA-256: bb935752127fefdb945caad3319d0eee7f9c67c3d3a944e29065b3cdbdd67a17
openshift-ansible-3.3.82-1.git.0.af0c922.el7.noarch.rpm SHA-256: a72cb607abb4322b8b3c8511c8920ad4c46df3d64f7213f552950f10e216f89a
openshift-ansible-callback-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm SHA-256: 334bd466dac0cb262969b556d0c3b581c4772dbd2d6b33290be5e469dc783c01
openshift-ansible-docs-3.3.82-1.git.0.af0c922.el7.noarch.rpm SHA-256: 9bbff60357c2c86f520f5e2bb5d16ce385c5b80c97a7781b37bea2a2dc0c8c68
openshift-ansible-filter-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm SHA-256: 12c2ad25beff0cde04f84e68525bb95d31b1f053e35913bd50c290614fe869c4
openshift-ansible-lookup-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm SHA-256: c4646860b3f4b3fee49fceaca3f5147e68fb4b2e37edb171898a98bb22ec3f1e
openshift-ansible-playbooks-3.3.82-1.git.0.af0c922.el7.noarch.rpm SHA-256: 02664ac20e869cb4f9c82246670d3e002161e2ebd3041046715277cebc3996f3
openshift-ansible-roles-3.3.82-1.git.0.af0c922.el7.noarch.rpm SHA-256: 2261624540dab20d18ea7222b83dcaaf4724fb704a0e041bde5283d0d4529314

Red Hat OpenShift Container Platform 3.2

SRPM
ansible-2.2.3.0-1.el7.src.rpm SHA-256: 988c92cd44be55653d279f84a5d97d2431c86a71385371f49cbb4f3848baff48
openshift-ansible-3.2.56-1.git.0.b844ab7.el7.src.rpm SHA-256: 4c1ae1c92b00251b3c2ccfb208efb639d8656101f854b07648364f20dbc2b251
x86_64
ansible-2.2.3.0-1.el7.noarch.rpm SHA-256: 9fe1329c586a25834627eecff63db5b2fec5fbe1305eff434b3155ee81cb957f
atomic-openshift-utils-3.2.56-1.git.0.b844ab7.el7.noarch.rpm SHA-256: 8ecc94b0d7f5c1f5168342d50f4f527f02c2a3f837c37bf12a29e2e5dbdf0418
openshift-ansible-3.2.56-1.git.0.b844ab7.el7.noarch.rpm SHA-256: 8f2aec6801d64fe8fc876d21d0177ce0ea5658b3c99d2b35d07f78c360c91136
openshift-ansible-docs-3.2.56-1.git.0.b844ab7.el7.noarch.rpm SHA-256: 7a10522f8a9594a992a78e135564467e05c89df1e1ad57deed17eac7ca40542f
openshift-ansible-filter-plugins-3.2.56-1.git.0.b844ab7.el7.noarch.rpm SHA-256: b7bd23002683bf1460fb2b42aa482ccf9b4a710722f49dd192f872c24b29db20
openshift-ansible-lookup-plugins-3.2.56-1.git.0.b844ab7.el7.noarch.rpm SHA-256: e081bab14c9cc0d953d9bdd0a5bd44bc0f52775bc4217d47b28e37ce1204ff57
openshift-ansible-playbooks-3.2.56-1.git.0.b844ab7.el7.noarch.rpm SHA-256: a190dd379356b7820f70b5a0fb1a8752891476153e836c0785ed8381ab749856
openshift-ansible-roles-3.2.56-1.git.0.b844ab7.el7.noarch.rpm SHA-256: 1b05ce41214453a0eb9a7fc0342f3bd49781a8ea7270ebe2ce6fd43dc631ff7f
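
To confirm that a host already carries the fixed builds listed above, the following added example (not part of the original advisory and not vendor code) compares installed package versions against them. The comparison is a simplified form of RPM's segment-wise version ordering (no epoch, tilde or caret handling), the function names are hypothetical, and the sample input is constructed.

```python
import re

# Fixed builds taken from the package lists on this page, per OpenShift release.
FIXED = {
    "3.5": {"ansible": "2.2.3.0-1.el7", "openshift-ansible": "3.5.71-1.git.0.128c2db.el7"},
    "3.4": {"ansible": "2.2.3.0-1.el7", "openshift-ansible": "3.4.89-1.git.0.ac29ce8.el7"},
    "3.3": {"ansible": "2.2.3.0-1.el7", "openshift-ansible": "3.3.82-1.git.0.af0c922.el7"},
    "3.2": {"ansible": "2.2.3.0-1.el7", "openshift-ansible": "3.2.56-1.git.0.b844ab7.el7"},
}

def segments(s):
    # RPM compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(release, rpm_lines):
    """Return {package: (installed, fixed)} for packages older than the fixed build.

    rpm_lines is the output of:
      rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' ansible openshift-ansible
    """
    fixed, stale = FIXED[release], {}
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in fixed and evr_cmp(parts[1], fixed[parts[0]]) < 0:
            stale[parts[0]] = (parts[1], fixed[parts[0]])
    return stale

# Constructed sample input (not captured from a real host).
SAMPLE = "ansible 2.2.0.0-4.el7\nopenshift-ansible 3.5.71-1.git.0.128c2db.el7\nbash 4.2.46-21.el7_3\n"

if __name__ == "__main__":
    for name, (have, need) in audit("3.5", SAMPLE).items():
        print(f"{name}: installed {have}, fixed build is {need}")
```

An empty result means every checked package is at or above the fixed build. The other `openshift-ansible-*` subpackages and `atomic-openshift-utils` share the `openshift-ansible` version in the lists above and can be added to `FIXED` in the same way.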
