Vulnerabilities > CVE-2017-7550 - Unspecified vulnerability in Redhat Ansible and Enterprise Linux Server

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
redhat
critical
nessus

Summary

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1259.NASL
    descriptionThis update for ansible to version 2.4.1.0 fixes the following vulnerabilities : - CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785) - CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021) - CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037) - CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038) - CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872) This update also contains a number of upstream bug fixes and improvements.
    last seen2020-06-05
    modified2017-11-13
    plugin id104522
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104522
    titleopenSUSE Security Update : ansible (openSUSE-2017-1259)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-1259.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104522);
      script_version("3.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-8614", "CVE-2016-8628", "CVE-2016-9587", "CVE-2017-7481", "CVE-2017-7550");
    
      script_name(english:"openSUSE Security Update : ansible (openSUSE-2017-1259)");
      script_summary(english:"Check for the openSUSE-2017-1259 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ansible to version 2.4.1.0 fixes the following
    vulnerabilities :
    
      - CVE-2017-7481: Security issue with lookup return not
        tainting the jinja2 environment (bsc#1038785)
    
      - CVE-2016-9587: host to controller command execution
        vulnerability (bsc#1019021)
    
      - CVE-2016-8628: Command injection by compromised server
        via fact variables (bsc#1008037)
    
      - CVE-2016-8614: Improper verification of key fingerprints
        in apt_key module (bsc#1008038)
    
      - CVE-2017-7550: jenkins_plugin module may have exposed
        passwords in remote host logs (bsc#1065872)
    
    This update also contains a number of upstream bug fixes and
    improvements."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008037"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065872"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"ansible-2.4.1.0-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ansible-2.4.1.0-6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2966.NASL
    descriptionAn update for ansible is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The ansible packages have been upgraded to upstream version 2.4.0, which provides a number of bug fixes and enhancements over the previous version. For more information, please see the Ansible 2.4 Porting Guide linked in the References section. (BZ#1492477) Security Fix(es) : * A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. A remote attacker could use this flaw to expose sensitive information from a remote host
    last seen2020-06-01
    modified2020-06-02
    plugin id104005
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104005
    titleRHEL 7 : ansible (RHSA-2017:2966)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-C2729C23B0.NASL
    descriptionUpdate to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105969
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105969
    titleFedora 27 : ansible (2017-c2729c23b0)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-8BF1B0C692.NASL
    descriptionUpdate to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-11-09
    plugin id104469
    published2017-11-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104469
    titleFedora 26 : ansible (2017-8bf1b0c692)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-008017C9FE.NASL
    descriptionUpdate to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-11-09
    plugin id104468
    published2017-11-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104468
    titleFedora 25 : ansible (2017-008017c9fe)

Redhat

advisories
rhsa
idRHSA-2017:2966
rpms
  • ansible-0:2.4.0.0-5.el7
  • ansible-doc-0:2.4.0.0-5.el7