CVE-2016-3096

🗓️ 03 Jun 2016 14:59:04Reported by [email protected]Type

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack

Reporter	Title	Published	Views	Family All 44
FreeBSD	ansible -- use of predictable paths in lxc_container	2 Apr 201600:00	–	freebsd
CNVD	Ansible lxc_container Module Privilege Gain Vulnerability	7 Jun 201600:00	–	cnvd
CVE	CVE-2016-3096	3 Jun 201614:00	–	cve
Cvelist	CVE-2016-3096	3 Jun 201614:00	–	cvelist
Debian CVE	CVE-2016-3096	3 Jun 201614:00	–	debiancve
EUVD	EUVD-2016-0001	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 23 Update: ansible1.9-1.9.6-1.fc23	25 Apr 201623:57	–	fedora
Fedora	[SECURITY] Fedora 23 Update: ansible-2.0.2.0-1.fc23	30 Apr 201600:28	–	fedora
Fedora	[SECURITY] Fedora 24 Update: ansible-2.0.2.0-1.fc24	7 May 201613:26	–	fedora
Fedora	[SECURITY] Fedora 22 Update: ansible-2.0.2.0-1.fc22	30 Apr 201600:22	–	fedora

NVD

Node

fedoraproject fedoraMatch22

fedoraproject fedoraMatch23

fedoraproject fedoraMatch24

Node

redhat ansibleRange≤1.9.6

redhat ansibleMatch2.0

redhat ansibleMatch2.0.1

Source	Link
lists	www.lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html
github	www.github.com/ansible/ansible-modules-extras/pull/1941
security	www.security.gentoo.org/glsa/201607-14
lists	www.lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html
groups	www.groups.google.com/forum/
lists	www.lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html
lists	www.lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md
lists	www.lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html

06 May 2026 22:30Current

7.5High risk

Vulners AI Score7.5

CVSS 27.2

CVSS 37.8

EPSS0.00037

CWE-59