Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2017-0195.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2017-0260.html | Third Party Advisory |
http://www.securityfocus.com/bid/95352 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:0448 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:0515 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:1685 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587 | Issue Tracking Third Party Advisory |
https://security.gentoo.org/glsa/201701-77 | Third Party Advisory |
https://www.exploit-db.com/exploits/41013/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-04-24T16:00:00
Updated: 2018-04-25T09:57:01
Reserved: 2016-11-23T00:00:00
Link: CVE-2016-9587
JSON object: View
NVD Information
Status : Modified
Published: 2018-04-24T16:29:00.220
Modified: 2023-11-07T02:37:14.233
Link: CVE-2016-9587
JSON object: View
Redhat Information
No data.
CWE