cnvd - cnvd-2017-00498

cnvd-2017-00498

Vulnerability from cnvd

Title: Ansible任意命令执行漏洞

Description:

Ansible是一款计算机系统配置管理器，它可用于发布、管理和编排计算机系统。

Ansible未能过滤用户提交的输入，允许远程攻击者可利用该漏洞提交特殊的请求，执行任意命令。

Severity: 中

Patch Name: Ansible任意命令执行漏洞的补丁

Patch Description:

Ansible是一款计算机系统配置管理器，它可用于发布、管理和编排计算机系统。

Ansible未能过滤用户提交的输入，允许远程攻击者可利用该漏洞提交特殊的请求，执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.ansible.com/

Reference: http://www.securityfocus.com/bid/95352

Impacted products

Name
['AnsibleWorks Ansible 2.2', 'AnsibleWorks Ansible 1.9.2', 'AnsibleWorks Ansible 1.6.7', 'AnsibleWorks Ansible 1.6.4', 'AnsibleWorks Ansible 1.5.3', 'AnsibleWorks Ansible 2.1', 'AnsibleWorks Ansible 2.0', 'AnsibleWorks Ansible 1.9.4', 'AnsibleWorks Ansible 1.9', 'AnsibleWorks Ansible 1.6.6', 'AnsibleWorks Ansible 1.6.5', 'AnsibleWorks Ansible 1.5.5', 'AnsibleWorks Ansible 1.5.4', 'AnsibleWorks Ansible 1.3.1', 'AnsibleWorks Ansible 1.3.0', 'AnsibleWorks Ansible 1.2.3', 'AnsibleWorks Ansible 1.2.2', 'AnsibleWorks Ansible 1.2.1']

Name

['AnsibleWorks Ansible 2.2', 'AnsibleWorks Ansible 1.9.2', 'AnsibleWorks Ansible 1.6.7', 'AnsibleWorks Ansible 1.6.4', 'AnsibleWorks Ansible 1.5.3', 'AnsibleWorks Ansible 2.1', 'AnsibleWorks Ansible 2.0', 'AnsibleWorks Ansible 1.9.4', 'AnsibleWorks Ansible 1.9', 'AnsibleWorks Ansible 1.6.6', 'AnsibleWorks Ansible 1.6.5', 'AnsibleWorks Ansible 1.5.5', 'AnsibleWorks Ansible 1.5.4', 'AnsibleWorks Ansible 1.3.1', 'AnsibleWorks Ansible 1.3.0', 'AnsibleWorks Ansible 1.2.3', 'AnsibleWorks Ansible 1.2.2', 'AnsibleWorks Ansible 1.2.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95352"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9587"
    }
  },
  "description": "Ansible\u662f\u4e00\u6b3e\u8ba1\u7b97\u673a\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5668\uff0c\u5b83\u53ef\u7528\u4e8e\u53d1\u5e03\u3001\u7ba1\u7406\u548c\u7f16\u6392\u8ba1\u7b97\u673a\u7cfb\u7edf\u3002\r\n\r\nAnsible\u672a\u80fd\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "AnsibleWorks",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.ansible.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00498",
  "openTime": "2017-01-17",
  "patchDescription": "Ansible\u662f\u4e00\u6b3e\u8ba1\u7b97\u673a\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5668\uff0c\u5b83\u53ef\u7528\u4e8e\u53d1\u5e03\u3001\u7ba1\u7406\u548c\u7f16\u6392\u8ba1\u7b97\u673a\u7cfb\u7edf\u3002\r\n\r\nAnsible\u672a\u80fd\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ansible\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "AnsibleWorks Ansible 2.2",
      "AnsibleWorks Ansible  1.9.2",
      "AnsibleWorks Ansible  1.6.7",
      "AnsibleWorks Ansible  1.6.4",
      "AnsibleWorks Ansible  1.5.3",
      "AnsibleWorks Ansible  2.1",
      "AnsibleWorks Ansible  2.0",
      "AnsibleWorks Ansible  1.9.4",
      "AnsibleWorks Ansible  1.9",
      "AnsibleWorks Ansible  1.6.6",
      "AnsibleWorks Ansible  1.6.5",
      "AnsibleWorks Ansible  1.5.5",
      "AnsibleWorks Ansible  1.5.4",
      "AnsibleWorks Ansible  1.3.1",
      "AnsibleWorks Ansible  1.3.0",
      "AnsibleWorks Ansible  1.2.3",
      "AnsibleWorks Ansible  1.2.2",
      "AnsibleWorks Ansible  1.2.1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95352",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-13",
  "title": "Ansible\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CVE-2016-9587 (GCVE-0-2016-9587)

Vulnerability from cvelistv5

Published

2018-04-24 16:00

Modified

2024-08-06 02:59

Severity ?

6.6 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20

Summary

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2017:0515	vendor-advisory, x_refsource_REDHAT
	https://www.exploit-db.com/exploits/41013/	exploit, x_refsource_EXPLOIT-DB
	https://security.gentoo.org/glsa/201701-77	vendor-advisory, x_refsource_GENTOO
	https://access.redhat.com/errata/RHSA-2017:1685	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95352	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:0448	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0195.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0260.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	unspecified	Ansible	Version: ansible 2.1.4 Version: ansible 2.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:02.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0515",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0515"
          },
          {
            "name": "41013",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41013/"
          },
          {
            "name": "GLSA-201701-77",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-77"
          },
          {
            "name": "RHSA-2017:1685",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1685"
          },
          {
            "name": "95352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95352"
          },
          {
            "name": "RHSA-2017:0448",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0448"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
          },
          {
            "name": "RHSA-2017:0195",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
          },
          {
            "name": "RHSA-2017:0260",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ansible",
          "vendor": "unspecified",
          "versions": [
            {
              "status": "affected",
              "version": "ansible 2.1.4"
            },
            {
              "status": "affected",
              "version": " ansible 2.2.1"
            }
          ]
        }
      ],
      "datePublic": "2017-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-25T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:0515",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0515"
        },
        {
          "name": "41013",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41013/"
        },
        {
          "name": "GLSA-201701-77",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-77"
        },
        {
          "name": "RHSA-2017:1685",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1685"
        },
        {
          "name": "95352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95352"
        },
        {
          "name": "RHSA-2017:0448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0448"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
        },
        {
          "name": "RHSA-2017:0195",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
        },
        {
          "name": "RHSA-2017:0260",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-9587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ansible",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ansible 2.1.4"
                          },
                          {
                            "version_value": " ansible 2.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": ""
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0515",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0515"
            },
            {
              "name": "41013",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41013/"
            },
            {
              "name": "GLSA-201701-77",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-77"
            },
            {
              "name": "RHSA-2017:1685",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1685"
            },
            {
              "name": "95352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95352"
            },
            {
              "name": "RHSA-2017:0448",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0448"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
            },
            {
              "name": "RHSA-2017:0195",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
            },
            {
              "name": "RHSA-2017:0260",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-9587",
    "datePublished": "2018-04-24T16:00:00",
    "dateReserved": "2016-11-23T00:00:00",
    "dateUpdated": "2024-08-06T02:59:02.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted