Main Vulnerability Database Vulnerabilities #VU6639

#VU6639 Improper input validation in Red Hat OpenShift Container Platform - CVE-2016-9587,CVE-2017-7466

Published: May 17, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU6639

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2016-9587,CVE-2017-7466

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: Public exploit is available

Vulnerable software:
Red Hat OpenShift Container Platform

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing responses, send by clients to Ansible server. A remote client can send a specially crafted response and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's repository.

Red Hat OpenShift Container Platform 3.5

SRPM
ansible-2.2.3.0-1.el7.src.rpm	SHA-256: 988c92cd44be55653d279f84a5d97d2431c86a71385371f49cbb4f3848baff48
openshift-ansible-3.5.71-1.git.0.128c2db.el7.src.rpm	SHA-256: 7072e36afb768955c2eae3c1fd0bc0b6fdac64a89a9d7b48a5fe3520684d1970
x86_64
ansible-2.2.3.0-1.el7.noarch.rpm	SHA-256: 9fe1329c586a25834627eecff63db5b2fec5fbe1305eff434b3155ee81cb957f
atomic-openshift-utils-3.5.71-1.git.0.128c2db.el7.noarch.rpm	SHA-256: a9c98e86ee8e874620923afb237e332dc748229d5491f2ba840b93900bb97116
openshift-ansible-3.5.71-1.git.0.128c2db.el7.noarch.rpm	SHA-256: 37be7b3ac39e46ae43e07b32bbadb0b39a66431463a7311c03bd45586fbec35f
openshift-ansible-callback-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm	SHA-256: 392751f8f044ed723aab6bbb6d4351792a1f9ae09b100f80bdfa33157b401a39
openshift-ansible-docs-3.5.71-1.git.0.128c2db.el7.noarch.rpm	SHA-256: 1ae22cbee56abf480895920f62304ce5fd64636d2723a5dd822366b8c61115c5
openshift-ansible-filter-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm	SHA-256: acab7b9c30266fdb4b0117141ea7773b7f523446e95fe54c879162ea753d0add
openshift-ansible-lookup-plugins-3.5.71-1.git.0.128c2db.el7.noarch.rpm	SHA-256: fcba26f0930deef14bb0011b991b4f5155a1dfb441922fa1acef18fdb3581122
openshift-ansible-playbooks-3.5.71-1.git.0.128c2db.el7.noarch.rpm	SHA-256: 3ff38bfd65af83de74e81ecbc082a06171ae50c2a7177ba5fd67898a549bc8eb
openshift-ansible-roles-3.5.71-1.git.0.128c2db.el7.noarch.rpm	SHA-256: 78eba5ca0ae40839eb156c4483c9806bb5587c3663ea3f863c19c6cbe0a49e3d

Red Hat OpenShift Container Platform 3.4

SRPM
ansible-2.2.3.0-1.el7.src.rpm	SHA-256: 988c92cd44be55653d279f84a5d97d2431c86a71385371f49cbb4f3848baff48
openshift-ansible-3.4.89-1.git.0.ac29ce8.el7.src.rpm	SHA-256: e6edd94419288019ef93569f6a0eddb74cf5a93b17fdffca0cabd2313813d56f
x86_64
ansible-2.2.3.0-1.el7.noarch.rpm	SHA-256: 9fe1329c586a25834627eecff63db5b2fec5fbe1305eff434b3155ee81cb957f
atomic-openshift-utils-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm	SHA-256: 1f37982a80885b4c15152a417a9e6c20d446951107808311aba6f1d1624b3148
openshift-ansible-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm	SHA-256: 36db61a640533927db9a4fc57f2a594e3a711cc4489922491fcaedd0e0a5fef1
openshift-ansible-callback-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm	SHA-256: 15b17e88aebe82f1b8ee4a66f0ae6c4df7ef2e0883271f649413f59860f390b8
openshift-ansible-docs-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm	SHA-256: a1b825d5c540ce15d24a5372a2557a43a6ea4ce1fba436f5d744fd1110f06971
openshift-ansible-filter-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm	SHA-256: a9f2f618d36645e958d28da173c2a04202b6c8b76c58e2bf3716b8999a7604b2
openshift-ansible-lookup-plugins-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm	SHA-256: 70c2ff5d078f7be355952b5fe4583f7da7c6401bffcc07ec5069edd1c630b756
openshift-ansible-playbooks-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm	SHA-256: fc91ec9e4b13ba8811b04f582b0fbfb99bdf0f767df0ea0ea0869a9557f66ab6
openshift-ansible-roles-3.4.89-1.git.0.ac29ce8.el7.noarch.rpm	SHA-256: a082eb3b744f354d3f94b8a0c36fac71f3a1e5d580b89bad0dcc909b7c3e310c

Red Hat OpenShift Container Platform 3.3

SRPM
ansible-2.2.3.0-1.el7.src.rpm	SHA-256: 988c92cd44be55653d279f84a5d97d2431c86a71385371f49cbb4f3848baff48
openshift-ansible-3.3.82-1.git.0.af0c922.el7.src.rpm	SHA-256: 33938512c015d682f233fdf03f967c2158a0ff1bff45bbaad53c3aaefefe5eb5
x86_64
ansible-2.2.3.0-1.el7.noarch.rpm	SHA-256: 9fe1329c586a25834627eecff63db5b2fec5fbe1305eff434b3155ee81cb957f
atomic-openshift-utils-3.3.82-1.git.0.af0c922.el7.noarch.rpm	SHA-256: bb935752127fefdb945caad3319d0eee7f9c67c3d3a944e29065b3cdbdd67a17
openshift-ansible-3.3.82-1.git.0.af0c922.el7.noarch.rpm	SHA-256: a72cb607abb4322b8b3c8511c8920ad4c46df3d64f7213f552950f10e216f89a
openshift-ansible-callback-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm	SHA-256: 334bd466dac0cb262969b556d0c3b581c4772dbd2d6b33290be5e469dc783c01
openshift-ansible-docs-3.3.82-1.git.0.af0c922.el7.noarch.rpm	SHA-256: 9bbff60357c2c86f520f5e2bb5d16ce385c5b80c97a7781b37bea2a2dc0c8c68
openshift-ansible-filter-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm	SHA-256: 12c2ad25beff0cde04f84e68525bb95d31b1f053e35913bd50c290614fe869c4
openshift-ansible-lookup-plugins-3.3.82-1.git.0.af0c922.el7.noarch.rpm	SHA-256: c4646860b3f4b3fee49fceaca3f5147e68fb4b2e37edb171898a98bb22ec3f1e
openshift-ansible-playbooks-3.3.82-1.git.0.af0c922.el7.noarch.rpm	SHA-256: 02664ac20e869cb4f9c82246670d3e002161e2ebd3041046715277cebc3996f3
openshift-ansible-roles-3.3.82-1.git.0.af0c922.el7.noarch.rpm	SHA-256: 2261624540dab20d18ea7222b83dcaaf4724fb704a0e041bde5283d0d4529314

Red Hat OpenShift Container Platform 3.2

SRPM
ansible-2.2.3.0-1.el7.src.rpm	SHA-256: 988c92cd44be55653d279f84a5d97d2431c86a71385371f49cbb4f3848baff48
openshift-ansible-3.2.56-1.git.0.b844ab7.el7.src.rpm	SHA-256: 4c1ae1c92b00251b3c2ccfb208efb639d8656101f854b07648364f20dbc2b251
x86_64
ansible-2.2.3.0-1.el7.noarch.rpm	SHA-256: 9fe1329c586a25834627eecff63db5b2fec5fbe1305eff434b3155ee81cb957f
atomic-openshift-utils-3.2.56-1.git.0.b844ab7.el7.noarch.rpm	SHA-256: 8ecc94b0d7f5c1f5168342d50f4f527f02c2a3f837c37bf12a29e2e5dbdf0418
openshift-ansible-3.2.56-1.git.0.b844ab7.el7.noarch.rpm	SHA-256: 8f2aec6801d64fe8fc876d21d0177ce0ea5658b3c99d2b35d07f78c360c91136
openshift-ansible-docs-3.2.56-1.git.0.b844ab7.el7.noarch.rpm	SHA-256: 7a10522f8a9594a992a78e135564467e05c89df1e1ad57deed17eac7ca40542f
openshift-ansible-filter-plugins-3.2.56-1.git.0.b844ab7.el7.noarch.rpm	SHA-256: b7bd23002683bf1460fb2b42aa482ccf9b4a710722f49dd192f872c24b29db20
openshift-ansible-lookup-plugins-3.2.56-1.git.0.b844ab7.el7.noarch.rpm	SHA-256: e081bab14c9cc0d953d9bdd0a5bd44bc0f52775bc4217d47b28e37ce1204ff57
openshift-ansible-playbooks-3.2.56-1.git.0.b844ab7.el7.noarch.rpm	SHA-256: a190dd379356b7820f70b5a0fb1a8752891476153e836c0785ed8381ab749856
openshift-ansible-roles-3.2.56-1.git.0.b844ab7.el7.noarch.rpm	SHA-256: 1b05ce41214453a0eb9a7fc0342f3bd49781a8ea7270ebe2ce6fd43dc631ff7f

External links

https://access.redhat.com/errata/RHSA-2017:1244