Lucene search
+L

13 matches found

github
github
added 2018/10/10 5:23 p.m.30 views

Link Following in ansible

The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /opt/.lxc-attach-script, 2 the archived container in the archivepath directory, or the 3...

7.8CVSS7.4AI score0.00468EPSS
Exploits0References18Affected Software1
gentoo
gentoo
added 2016/07/20 12:0 a.m.25 views

Ansible: Privilege escalation

Background Ansible is a radically simple IT automation platform. Description The createscript function in the lxccontainer module of Ansible uses predictable temporary file names, making it vulnerable to a symlink attack. Impact Local attackers could write arbitrary files or gain escalated...

7.8CVSS3.3AI score0.00468EPSS
Exploits0
osv
osv
added 2016/06/03 2:59 p.m.7 views

CVE-2016-3096

The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /opt/.lxc-attach-script, 2 the archived container in the archivepath directory, or the 3...

7.8CVSS7.5AI score
Exploits0References13
nvd
nvd
added 2016/06/03 2:59 p.m.29 views

CVE-2016-3096

The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /opt/.lxc-attach-script, 2 the archived container in the archivepath directory, or the 3...

7.8CVSS7.5AI score0.00468EPSS
Exploits0References13
prion
prion
added 2016/06/03 2:59 p.m.16 views

Directory traversal

The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /opt/.lxc-attach-script, 2 the archived container in the archivepath directory, or the 3...

7.2CVSS6.9AI score0.00468EPSS
Exploits0References13Affected Software2
ubuntucve
ubuntucve
added 2016/06/03 2:59 p.m.22 views

CVE-2016-3096

The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /opt/.lxc-attach-script, 2 the archived container in the archivepath directory, or the 3...

7.8CVSS7.1AI score0.00468EPSS
Exploits0References3
osv
osv
added 2016/06/03 2:59 p.m.23 views

PYSEC-2016-1

The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /opt/.lxc-attach-script, 2 the archived container in the archivepath directory, or the 3...

7.8CVSS6.4AI score0.00468EPSS
Exploits0References14
cvelist
cvelist
added 2016/06/03 2:0 p.m.32 views

CVE-2016-3096

The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /opt/.lxc-attach-script, 2 the archived container in the archivepath directory, or the 3...

7.5AI score0.00468EPSS
Exploits0References13
cve
cve
added 2016/06/03 2:0 p.m.139 views

CVE-2016-3096

CVE-2016-3096 affects the Ansible lxc_container module: the create_script function allows a local user to write arbitrary files or gain privileges via a symlink attack targeting (1) /opt/.lxc-attach-script, (2) the archived container in archive_path, or (3) lxc-attach-script.log, (4) lxc-attach-s...

7.8CVSS7.4AI score0.00468EPSS
Exploits0References13Affected Software1
osv
osv
added 2016/05/05 4:26 p.m.8 views

MGASA-2016-0163 Updated ansible packages fix CVE-2016-3096

Updated ansible package fixes security vulnerability: A vulnerability in lxccontainer, ansible module, was found allowing to get root inside the container. The problem is in the createscript function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can wri...

7.8CVSS7.8AI score0.00468EPSS
Exploits0References4
mageia
mageia
added 2016/05/05 4:26 p.m.27 views

Updated ansible packages fix CVE-2016-3096

Updated ansible package fixes security vulnerability: A vulnerability in lxccontainer, ansible module, was found allowing to get root inside the container. The problem is in the createscript function, which tries to write to /opt/.lxc-attach-script inside of the container. If the attacker can wri...

7.8CVSS4.8AI score0.00468EPSS
Exploits0References3
nessus
nessus
added 2016/04/21 12:0 a.m.20 views

FreeBSD : ansible -- use of predictable paths in lxc_container (253c6889-06f0-11e6-925f-6805ca0b3d42)

Ansible developers report : CVE-2016-3096: do not use predictable paths in lxccontainer - do not use a predictable filename for the LXC attach script - don't use predictable filenames for LXC attach script logging - don't set a predictable archivepath this should prevent symlink attacks which cou...

7.8CVSS8.4AI score0.00468EPSS
Exploits0References4
freebsd
freebsd
added 2016/04/02 12:0 a.m.26 views

ansible -- use of predictable paths in lxc_container

Ansible developers report: CVE-2016-3096: do not use predictable paths in lxccontainer do not use a predictable filename for the LXC attach script don't use predictable filenames for LXC attach script logging don't set a predictable archivepath this should prevent symlink attacks which could resu...

7.8CVSS2.1AI score0.00468EPSS
Exploits0References2
Rows per page
Query Builder