Lucene search

K
mageiaGentoo FoundationMGASA-2020-0060
HistoryJan 28, 2020 - 10:52 a.m.

Updated ansible package fixes security vulnerabilities

2020-01-2810:52:40
Gentoo Foundation
advisories.mageia.org
14

CVSS2

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:C/I:P/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

EPSS

0.001

Percentile

17.7%

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the β€˜ps’ bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host (CVE-2019-14904). A vulnerability in Ansible’s nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues (CVE-2019-14905).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchansible<Β 2.7.16-1ansible-2.7.16-1.mga7

CVSS2

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:C/I:P/A:P

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

EPSS

0.001

Percentile

17.7%