Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5315-1.NASL
HistoryOct 16, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Ansible vulnerabilities (USN-5315-1)

2023-10-1600:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5315-1 advisory.

  • An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. (CVE-2020-10744)

  • A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with umask 77 && mkdir -p <dir>; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating ‘/proc/<pid>/cmdline’. (CVE-2020-1733)

  • A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. (CVE-2021-3583)

  • A flaw was found in Ansible Engine’s ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. (CVE-2021-3620)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5315-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183136);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/16");

  script_cve_id(
    "CVE-2020-1733",
    "CVE-2020-10744",
    "CVE-2021-3583",
    "CVE-2021-3620"
  );
  script_xref(name:"IAVB", value:"2019-B-0092-S");
  script_xref(name:"IAVB", value:"2022-B-0007");
  script_xref(name:"USN", value:"5315-1");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Ansible vulnerabilities (USN-5315-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by
multiple vulnerabilities as referenced in the USN-5315-1 advisory.

  - An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory
    when running become_user from become directive. The provided fix is insufficient to prevent the race
    condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as
    previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are
    affected. (CVE-2020-10744)

  - A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when
    running a playbook with an unprivileged become user. When Ansible needs to run a module with become user,
    the temporary directory is created in /var/tmp. This directory is created with umask 77 && mkdir -p
    <dir>; this operation does not fail if the directory already exists and is owned by another user. An
    attacker could take advantage to gain control of the become user as the target directory can be retrieved
    by iterating '/proc/<pid>/cmdline'. (CVE-2020-1733)

  - A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can
    occur through facts used in the template if the user is trying to put templates in multi-line YAML strings
    and the facts being handled do not routinely include special template characters. This flaw allows
    attackers to perform command injection, which discloses sensitive information. The highest threat from
    this vulnerability is to confidentiality and integrity. (CVE-2021-3583)

  - A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the
    Ansible user credentials is disclosed by default in the traceback error message. The highest threat from
    this vulnerability is to confidentiality. (CVE-2021-3620)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5315-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected ansible, ansible-fireball and / or ansible-node-fireball packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1733");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-3583");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ansible");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ansible-fireball");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ansible-node-fireball");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'ansible', 'pkgver': '2.0.0.2-2ubuntu1.3+esm1'},
    {'osver': '16.04', 'pkgname': 'ansible-fireball', 'pkgver': '2.0.0.2-2ubuntu1.3+esm1'},
    {'osver': '16.04', 'pkgname': 'ansible-node-fireball', 'pkgver': '2.0.0.2-2ubuntu1.3+esm1'},
    {'osver': '18.04', 'pkgname': 'ansible', 'pkgver': '2.5.1+dfsg-1ubuntu0.1+esm1'},
    {'osver': '20.04', 'pkgname': 'ansible', 'pkgver': '2.9.6+dfsg-1ubuntu0.1~esm1'},
    {'osver': '22.04', 'pkgname': 'ansible', 'pkgver': '2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ansible / ansible-fireball / ansible-node-fireball');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:esm
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:esm
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:esm
canonicalubuntu_linuxansiblep-cpe:/a:canonical:ubuntu_linux:ansible
canonicalubuntu_linuxansible-fireballp-cpe:/a:canonical:ubuntu_linux:ansible-fireball
canonicalubuntu_linuxansible-node-fireballp-cpe:/a:canonical:ubuntu_linux:ansible-node-fireball

Related

ubuntu 1
openvas 17
osv 14
nessus 24
prion 4
ubuntucve 4
freebsd 3
redhatcve 4
cve 4
github 4
debiancve 4
cbl_mariner 4
ibm 6
redhat 14
fedora 8
alpinelinux 1
veracode 2
mageia 3
suse 2
debian 3
photon 6
gentoo 1
ubuntu
ubuntu
Ansible vulnerabilities
2022-06-07 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5315-1)
2023-01-27 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2021-4ad7c70d71)
2021-07-06 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2021-574ee4dd30)
2021-07-06 00:00:00
osv
osv
ansible vulnerabilities
2022-06-07 14:43:08
CVE-2020-10744
2020-05-15 14:15:11
PYSEC-2020-208
2020-05-15 14:15:00
nessus
nessus
FreeBSD : Ansible -- Insecure Temporary File (50ec3a01-ad77-11eb-8528-8c164582fbac)
2021-05-07 00:00:00
RHEL 7 / 8 : Ansible security and bug fix update (2.9.23) (Important) (RHSA-2021:2664)
2021-07-07 00:00:00
Amazon Linux 2 : ansible (ALASANSIBLE2-2023-001)
2023-09-27 00:00:00
prion
prion
Race condition
2020-05-15 14:15:00
Command injection
2021-09-22 12:15:00
Race condition
2020-03-11 19:15:00
ubuntucve
ubuntucve
CVE-2020-10744
2020-05-15 00:00:00
CVE-2021-3583
2021-09-22 00:00:00
CVE-2020-1733
2020-03-11 00:00:00
freebsd
freebsd
Ansible -- Insecure Temporary File
2020-05-15 00:00:00
Ansible -- Templating engine bug
2021-06-10 00:00:00
Ansible -- Ansible user credentials disclosure in ansible-connection module
2021-06-25 00:00:00
redhatcve
redhatcve
CVE-2020-10744
2020-05-14 15:56:33
CVE-2021-3583
2021-06-08 06:52:22
CVE-2020-1733
2020-02-18 14:29:51
cve
cve
CVE-2020-10744
2020-05-15 14:15:00
CVE-2021-3583
2021-09-22 12:15:00
CVE-2020-1733
2020-03-11 19:15:00
github
github
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
2022-02-09 21:59:42
Improper Input Validation and Command Injection in Ansible
2021-09-23 23:16:38
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
2021-04-20 16:46:12
debiancve
debiancve
CVE-2020-10744
2020-05-15 14:15:00
CVE-2021-3583
2021-09-22 12:15:00
CVE-2020-1733
2020-03-11 19:15:00
cbl_mariner
cbl_mariner
CVE-2020-10744 affecting package ansible 2.9.9-1
2021-07-08 21:56:43
CVE-2021-3583 affecting package ansible 2.9.18-1
2021-10-22 04:51:42
CVE-2021-3583 affecting package ansible 2.9.18-1
2022-04-09 06:51:57
ibm
ibm
Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System (CVE-2021-3583)
2022-02-28 11:18:57
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to injection attacks in Ansible (CVE-2021-3583).
2023-01-12 21:59:00
Security Bulletin: Security vulnerabilities in Ansible affect IBM Cloud Pak for Multicloud Management Hybrid GRC
2021-05-11 19:15:07
redhat
redhat
(RHSA-2021:2663) Important: Ansible security and bug fix update (2.9.23)
2021-07-07 04:24:44
(RHSA-2021:2664) Important: Ansible security and bug fix update (2.9.23)
2021-07-07 04:25:02
(RHSA-2021:3874) Important: Red Hat Ansible Automation Platform 2.0.1 Security and Bug fix Release
2021-10-14 20:14:36
fedora
fedora
[SECURITY] Fedora 34 Update: ansible-2.9.23-1.fc34
2021-07-02 01:09:02
[SECURITY] Fedora 33 Update: ansible-2.9.23-1.fc33
2021-07-02 01:21:14
[SECURITY] Fedora 35 Update: ansible-2.9.27-1.fc35
2021-11-02 01:04:37
alpinelinux
alpinelinux
CVE-2020-1733
2020-03-11 19:15:00
veracode
veracode
Privilege Escalation Via Insecure Directory Creation
2020-02-28 02:48:37
Denial Of Service (DoS)
2021-10-18 13:54:04
mageia
mageia
Updated ansible packages fix security vulnerability
2021-10-23 13:05:28
Updated ansible packages fix security vulnerability
2021-09-23 07:49:29
Updated ansible packages fix security vulnerabilities
2020-05-24 21:04:47
suse
suse
Important for SUSE Manager Client Tools (important)
2022-09-08 00:00:00
Security update for ansible (important)
2022-03-16 00:00:00
debian
debian
[SECURITY] [DLA 3695-1] ansible security update
2023-12-28 17:44:01
[SECURITY] [DLA 2202-1] ansible security update
2020-05-05 14:22:50
[SECURITY] [DSA 4950-1] ansible security update
2021-08-07 09:26:39
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0233
2020-04-21 00:00:00
Critical Photon OS Security Update - PHSA-2022-0528
2022-10-18 00:00:00
Important Photon OS Security Update - PHSA-2020-0233
2020-04-22 00:00:00
gentoo
gentoo
Ansible: Multiple vulnerabilities
2020-06-13 00:00:00
JSON
Related for UBUNTU_USN-5315-1.NASL
ubuntu1openvas17osv14nessus24prion4ubuntucve4freebsd3redhatcve4cve4github4debiancve4cbl_mariner4ibm6redhat14fedora8alpinelinux1veracode2mageia3suse2debian3photon6gentoo1