ansible -- local symlink exploits

2013-08-21T00:00:00
ID A6A9F9D5-205C-11E5-A4A5-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2013-08-21T00:00:00

Description

MITRE reports:

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.

lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.