Lucene search

K

Debian dla-3695 : ansible - security update

Debian 10 Ansible has multiple vulnerabilities requiring security updates as noted in advisory DLA-3695.

Show more
Related
Refs
Code
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3695. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(214484);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/01/22");

  script_cve_id(
    "CVE-2019-10206",
    "CVE-2021-3447",
    "CVE-2021-3583",
    "CVE-2021-3620",
    "CVE-2021-20178",
    "CVE-2021-20191",
    "CVE-2022-3697",
    "CVE-2023-5115"
  );
  script_xref(name:"IAVB", value:"2021-B-0013-S");
  script_xref(name:"IAVB", value:"2022-B-0007");

  script_name(english:"Debian dla-3695 : ansible - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3695 advisory.

    - -------------------------------------------------------------------------
    Debian LTS Advisory DLA-3695-1                [email protected]
    https://www.debian.org/lts/security/                   Bastien Roucaris
    December 28, 2023                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : ansible
    Version        : 2.7.7+dfsg-1+deb10u2
    CVE ID         : CVE-2019-10206 CVE-2021-3447 CVE-2021-3583 CVE-2021-3620
                     CVE-2021-20178 CVE-2021-20191 CVE-2022-3697 CVE-2023-5115
    Debian Bug     : 1053693

    Ansible a configuration management, deployment, and task execution system
    was affected by multiple vulnerabilities.

    CVE-2019-10206

        Fix a regression in test suite of CVE-2019-10206.

    CVE-2021-3447

        A flaw was found in several
        ansible modules, where parameters containing credentials,
        such as secrets, were being logged in plain-text on
        managed nodes, as well as being made visible on the
        controller node when run in verbose mode. These parameters
        were not protected by the no_log feature. An attacker can
        take advantage of this information to steal those credentials,
        provided when they have access to the log files
        containing them. The highest threat from this vulnerability
        is to data confidentiality

    CVE-2021-3583

        A flaw was found in Ansible, where
        a user's controller is vulnerable to template injection.
        This issue can occur through facts used in the template
        if the user is trying to put templates in multi-line YAML
        strings and the facts being handled do not routinely
        include special template characters. This flaw allows
        attackers to perform command injection, which discloses
        sensitive information. The highest threat from this
        vulnerability is to confidentiality and integrity.

    CVE-2021-3620

        A flaw was found in Ansible Engine's
        ansible-connection module, where sensitive information
        such as the Ansible user credentials is disclosed by
        default in the traceback error message. The highest
        threat from this vulnerability is to confidentiality.

    CVE-2021-20178

        A flaw was found in ansible module
        snmp_fact where credentials are disclosed in the console log by
        default and not protected by the security feature
        This flaw allows an attacker to steal privkey and authkey
        credentials. The highest threat from this vulnerability
        is to confidentiality.

    CVE-2021-20191

        A flaw was found in ansible. Credentials,
        such as secrets, are being disclosed in console log by default
        and not protected by no_log feature when using Cisco nxos moduel.
        An attacker can take advantage of this information to steal those
        credentials. The highest threat from this vulnerability is
        to data confidentiality.

    CVE-2022-3697

        A flaw was found in Ansible in the amazon.aws
        collection when using the tower_callback parameter from the
        amazon.aws.ec2_instance module. This flaw allows an attacker
        to take advantage of this issue as the module is handling the
        parameter insecurely, leading to the password leaking in the logs.

    CVE-2023-5115

        An absolute path traversal attack existed
        in the Ansible automation platform. This flaw allows an
        attacker to craft a malicious Ansible role and make the
        victim execute the role. A symlink can be used to
        overwrite a file outside of the extraction path.

    For Debian 10 buster, these problems have been fixed in version
    2.7.7+dfsg-1+deb10u2.

    We recommend that you upgrade your ansible packages.

    For the detailed security status of ansible please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/ansible

    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/ansible");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-10206");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-20178");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-20191");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3447");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3583");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3620");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-3697");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5115");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/ansible");
  script_set_attribute(attribute:"solution", value:
"Upgrade the ansible packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10206");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-3697");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/12/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/01/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ansible");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ansible-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '10.0', 'prefix': 'ansible', 'reference': '2.7.7+dfsg-1+deb10u2'},
    {'release': '10.0', 'prefix': 'ansible-doc', 'reference': '2.7.7+dfsg-1+deb10u2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ansible / ansible-doc');
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo