CVE-2016-3096
First published: Thu Mar 31 2016(Updated: )
A vulnerability in lxc_container, ansible module, was found allowing to get root inside the container. The problem is in the create_script function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can write to /opt/.lxc-attach-script before that, he can overwrite arbitrary files or execute commands as root.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedoraproject Fedora | =22 | |
| Fedoraproject Fedora | =23 | |
| Fedoraproject Fedora | =24 | |
| Redhat Ansible | <=1.9.6 | |
| Redhat Ansible | =2.0 | |
| Redhat Ansible | =2.0.1 | |
| pip/ansible | >=2.0.0.0<=2.0.1.0 | 2.0.2.0 |
| pip/ansible | <=1.9.6.0 | 1.9.6.1 |
Remedy
https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1322925
- https://github.com/ansible/ansible-modules-extras/pull/1941
- https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4
- https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd
- https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away
- https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0
- https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig
- https://security.gentoo.org/glsa/201607-14
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1322926
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1322927
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1322925#c4
- https://github.com/ansible/ansible-modules-extras/commit/da84e2e9b83be6ebebbfd3be6776f391622c02fe
- https://github.com/ansible/ansible-modules-extras/commit/6bfd2846f853b9beaeb01da6206d8ffa4abe7a4c
- https://nvd.nist.gov/vuln/detail/CVE-2016-3096
- https://github.com/advisories/GHSA-rh6x-qvg7-rrmj (Advisory)
- https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3
- https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2016-1.yaml
- https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0
- https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3096
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-rh6x-qvg7-rrmj
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/softwarecombine
- agent/event
- collector/github-advisory
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/22
- version/fedoraproject fedora/23
- version/fedoraproject fedora/24
- vendor/redhat
- canonical/redhat ansible
- version/redhat ansible/1.9.6
- version/redhat ansible/2.0
- version/redhat ansible/2.0.1
- package-manager/pip