Vulnerabilities > CVE-2018-10855 - Information Exposure Through Log Files vulnerability in multiple products

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
high complexity
redhat
debian
canonical
CWE-532
nessus

Summary

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Vulnerable Configurations

Part Description Count
Application
Redhat
52
OS
Debian
1
OS
Canonical
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fuzzing and observing application log data/errors for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2079.NASL
    descriptionUpdated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-02
    modified2018-07-03
    plugin id110885
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110885
    titleRHEL 7 : Virtualization Manager (RHSA-2018:2079)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:2079. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110885);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2018-10855");
      script_xref(name:"RHSA", value:"2018:2079");
    
      script_name(english:"RHEL 7 : Virtualization Manager (RHSA-2018:2079)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated redhat-virtualization-host packages that fix several bugs and
    add various enhancements are now available.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The redhat-virtualization-host packages provide the Red Hat
    Virtualization Host. These packages include
    redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.
    Red Hat Virtualization Hosts (RHVH) are installed using a special
    build of Red Hat Enterprise Linux with only the packages required to
    host virtual machines. RHVH features a Cockpit user interface for
    monitoring the host's resources and performing administrative tasks.
    
    The ovirt-node-ng packages provide the Red Hat Virtualization Host.
    These packages include redhat-release-virtualization-host, ovirt-node,
    and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed
    using a special build of Red Hat Enterprise Linux with only the
    packages required to host virtual machines. RHVH features a Cockpit
    user interface for monitoring the host's resources and performing
    administrative tasks.
    
    The following packages have been upgraded to a later upstream version:
    imgbased (1.0.20), redhat-release-virtualization-host (4.2),
    redhat-virtualization-host (4.2). (BZ#1590664)
    
    Security Fix(es) :
    
    * ansible: Failed tasks do not honour no_log option allowing for
    secrets to be disclosed in logs (CVE-2018-10855)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for
    reporting this issue.
    
    Bug Fix(es) :
    
    * Previously, if systems were configured to skip Logical Volume
    Manager (LVM) clusters, imgbased sees output that is unrelated to the
    Logical Volumes that are being queried.
    
    As a result, imgbased failed to parse the output, causing Red Hat
    Virtualization Host updates to fail.
    
    In this release imgbased now ignores output from skipped clusters
    enabling imgbased LVM commands to return successfully. (BZ#1568414)
    
    Enhancement(s) :
    
    * Starting from version 4.0, Red Hat Virtualization Hosts could not be
    deployed from Satellite, and therefore could not take advantage of
    Satellite's tooling features.
    
    In this release, Red Hat Virtualization Hosts can now be deployed from
    Satellite 6.3.2 and later. (BZ#1484532)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:2079"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10855"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:imgbased");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-imgbased");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:2079";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"redhat-virtualization-host-4.2"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Virtualization 4");
    
      if (rpm_check(release:"RHEL7", reference:"imgbased-1.0.20-0.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"python-imgbased-1.0.20-0.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"redhat-release-virtualization-host-4.2-4.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"redhat-virtualization-host-image-update-4.2-20180622.0.el7_5")) flag++;
      if (rpm_check(release:"RHEL7", reference:"redhat-virtualization-host-image-update-placeholder-4.2-4.3.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imgbased / python-imgbased / redhat-release-virtualization-host / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4396.NASL
    descriptionSeveral vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : - CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn
    last seen2020-05-31
    modified2019-02-20
    plugin id122321
    published2019-02-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122321
    titleDebian DSA-4396-1 : ansible - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4396. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122321);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2018-10855", "CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16876", "CVE-2019-3828");
      script_xref(name:"DSA", value:"4396");
    
      script_name(english:"Debian DSA-4396-1 : ansible - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several vulnerabilities have been found in Ansible, a configuration
    management, deployment, and task execution system :
    
      - CVE-2018-10855/ CVE-2018-16876
        The no_log task flag wasn't honored, resulting in an
        information leak.
    
      - CVE-2018-10875
        ansible.cfg was read from the current working directory.
    
      - CVE-2018-16837
        The user module leaked parameters passed to ssh-keygen
        to the process environment.
    
      - CVE-2019-3828
        The fetch module was susceptible to path traversal."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-10855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-16876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-10875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-16837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-3828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/ansible"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/ansible"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4396"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the ansible packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 2.2.1.0-2+deb9u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"ansible", reference:"2.2.1.0-2+deb9u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4072-1.NASL
    descriptionIt was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2019-07-25
    plugin id127043
    published2019-07-25
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127043
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : ansible vulnerabilities (USN-4072-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4072-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127043);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2017-7481", "CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16876", "CVE-2019-10156", "CVE-2019-3828");
      script_xref(name:"USN", value:"4072-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : ansible vulnerabilities (USN-4072-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was discovered that Ansible failed to properly handle sensitive
    information. A local attacker could use those vulnerabilities to
    extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837)
    (CVE-2018-16876) (CVE-2019-10156)
    
    It was discovered that Ansible could load configuration files from the
    current working directory containing crafted commands. An attacker
    could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875)
    
    It was discovered that Ansible fetch module had a path traversal
    vulnerability. A local attacker could copy and overwrite files outside
    of the specified destination. (CVE-2019-3828).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4072-1/"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"ansible", pkgver:"2.0.0.2-2ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"ansible", pkgver:"2.5.1+dfsg-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"ansible", pkgver:"2.7.8+dfsg-1ubuntu0.19.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-B619637E45.NASL
    descriptionUpdate to 2.5.5 bugfix/security release See https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst for full changes. Fixes CVE-2018-10855 ---- Update to 2.5.3 with bugfixes. https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-06-25
    plugin id110670
    published2018-06-25
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110670
    titleFedora 27 : ansible (2018-b619637e45)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-b619637e45.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110670);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-10855");
      script_xref(name:"FEDORA", value:"2018-b619637e45");
    
      script_name(english:"Fedora 27 : ansible (2018-b619637e45)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 2.5.5 bugfix/security release See
    https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO
    G-v2.5.rst for full changes. 
    
    Fixes CVE-2018-10855
    
    ----
    
    Update to 2.5.3 with bugfixes.
    https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO
    G-v2.5.rst
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-b619637e45"
      );
      # https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?90676460"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"ansible-2.5.5-2.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2022.NASL
    descriptionAn update for ansible is now available for Red Hat Ansible Engine 2.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.4.5) Security fix(es) : * ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855) Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues. Bug Fix(es) : * Fixed win_copy to preserve the global Ansible local tmp path instead of deleting it when dealing with multiple files (https://github.com/ansible/ansible/pull/37964) * Fixed Windows setup.ps1 for slow performance in large domain environments (https://github.com/ansible/ansible/pull/38646) * Fixed eos_logging idempotency issue when trying to set both logging destination & facility (https://github.com/ansible/ansible/pull/40604) * Fixed ios_logging idempotency issue when trying to set both logging destination & facility (https://github.com/ansible/ansible/pull/41076) See https://github.com/ansible/ansible/blob/v2.4.5.0-1/CHANGELOG.md for details on this release.
    last seen2020-06-02
    modified2018-06-29
    plugin id110794
    published2018-06-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110794
    titleRHEL 7 : ansible (RHSA-2018:2022)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:2022. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110794);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2018-10855");
      script_xref(name:"RHSA", value:"2018:2022");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:2022)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for ansible is now available for Red Hat Ansible Engine 2.4
    for RHEL 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.4.5)
    
    Security fix(es) :
    
    * ansible: Ansible through version 2.5 does not properly honour the
    no_log option with failed task iterations. When a list of secret items
    is supplied to a task and a task iteration fails, secrets can be
    disclosed in logs despite the no_log option being enabled.
    (CVE-2018-10855)
    
    Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for
    reporting these issues.
    
    Bug Fix(es) :
    
    * Fixed win_copy to preserve the global Ansible local tmp path instead
    of deleting it when dealing with multiple files
    (https://github.com/ansible/ansible/pull/37964)
    
    * Fixed Windows setup.ps1 for slow performance in large domain
    environments (https://github.com/ansible/ansible/pull/38646)
    
    * Fixed eos_logging idempotency issue when trying to set both logging
    destination & facility (https://github.com/ansible/ansible/pull/40604)
    
    * Fixed ios_logging idempotency issue when trying to set both logging
    destination & facility (https://github.com/ansible/ansible/pull/41076)
    
    See https://github.com/ansible/ansible/blob/v2.4.5.0-1/CHANGELOG.md
    for details on this release."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:2022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10855"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible and / or ansible-doc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:2022";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.4"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.4");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.4.5.0-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ansible-doc-2.4.5.0-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible / ansible-doc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1949.NASL
    descriptionAn update for ansible is now available for Red Hat Ansible Engine 2.5 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.5.5) Security fix(es) : * ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855) Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues. Bug Fix(es) : * Changed the admin_users config option to not include
    last seen2020-06-02
    modified2018-06-22
    plugin id110654
    published2018-06-22
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110654
    titleRHEL 7 : ansible (RHSA-2018:1949)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:1949. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110654);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2018-10855");
      script_xref(name:"RHSA", value:"2018:1949");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:1949)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for ansible is now available for Red Hat Ansible Engine 2.5
    for RHEL 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.5.5)
    
    Security fix(es) :
    
    * ansible: Ansible through version 2.5 does not properly honour the
    no_log option with failed task iterations. When a list of secret items
    is supplied to a task and a task iteration fails, secrets can be
    disclosed in logs despite the no_log option being enabled.
    (CVE-2018-10855)
    
    Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for
    reporting these issues.
    
    Bug Fix(es) :
    
    * Changed the admin_users config option to not include 'admin' by
    default as admin is frequently used for a non-privileged account
    (https://github.com/ansible/ansible/pull/41164)
    
    * aws_s3 - add async support to the action plugin
    (https://github.com/ansible/ansible/pull/40826)
    
    * aws_s3 - fix decrypting vault files
    (https://github.com/ansible/ansible/pull/39634)
    
    * ec2_ami - cast the device_mapping volume size to an int
    (https://github.com/ansible/ansible/pull/40938)
    
    * eos_logging - fix idempotency issues
    (https://github.com/ansible/ansible/pull/40604)
    
    * cache plugins - a cache timeout of 0 means the cache will not
    expire.
    
    * ios_logging - fix idempotency issues
    (https://github.com/ansible/ansible/pull/41029)
    
    * ios/nxos/eos_config - don't retrieve config in running_config when
    config is provided for diff
    (https://github.com/ansible/ansible/pull/41400)
    
    * nxos_banner - fix multiline banner issue
    (https://github.com/ansible/ansible/pull/41026).
    
    * nxos terminal plugin - fix output truncation
    (https://github.com/ansible/ansible/pull/40960)
    
    * nxos_l3_interface - fix no switchport issue with loopback and svi
    interfaces (https://github.com/ansible/ansible/pull/37392).
    
    * nxos_snapshot - fix compare_option
    (https://github.com/ansible/ansible/pull/41386)
    
    See
    https://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2
    .5.rst for details on this release."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:1949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10855"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible and / or ansible-doc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:1949";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.5"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.5");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.5.5-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ansible-doc-2.5.5-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible / ansible-doc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-1A6E6196B9.NASL
    descriptionUpdate to 2.5.5 bugfix/security release See https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst for full changes. Fixes CVE-2018-10855 ---- Update to 2.5.3 with bugfixes. https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120260
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120260
    titleFedora 28 : ansible (2018-1a6e6196b9)

Redhat

advisories
  • rhsa
    idRHBA-2018:3788
  • rhsa
    idRHSA-2018:1948
  • rhsa
    idRHSA-2018:1949
  • rhsa
    idRHSA-2018:2022
  • rhsa
    idRHSA-2018:2079
  • rhsa
    idRHSA-2018:2184
  • rhsa
    idRHSA-2018:2585
  • rhsa
    idRHSA-2019:0054
rpms
  • ansible-0:2.4.6.0-1.el7ae
  • ansible-role-redhat-subscription-0:1.0.1-4.el7ost
  • ansible-0:2.5.5-1.el7ae
  • ansible-doc-0:2.5.5-1.el7ae
  • ansible-0:2.5.5-1.el7ae
  • ansible-doc-0:2.5.5-1.el7ae
  • ansible-0:2.4.5.0-1.el7ae
  • ansible-doc-0:2.4.5.0-1.el7ae
  • imgbased-0:1.0.20-0.1.el7ev
  • python-imgbased-0:1.0.20-0.1.el7ev
  • redhat-release-virtualization-host-0:4.2-4.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20180622.0.el7_5
  • redhat-virtualization-host-image-update-placeholder-0:4.2-4.3.el7
  • ansible-0:2.4.5.0-1.el7ae
  • ansible-doc-0:2.4.5.0-1.el7ae
  • ansible-tower-0:3.2.5-1.el7at
  • ansible-tower-server-0:3.2.5-1.el7at
  • ansible-tower-setup-0:3.2.5-1.el7at
  • ansible-tower-ui-0:3.2.5-1.el7at
  • ansible-tower-venv-ansible-0:3.2.5-1.el7at
  • ansible-tower-venv-tower-0:3.2.5-1.el7at
  • cfme-0:5.9.3.4-1.el7cf
  • cfme-amazon-smartstate-0:5.9.3.4-1.el7cf
  • cfme-appliance-0:5.9.3.4-1.el7cf
  • cfme-appliance-common-0:5.9.3.4-1.el7cf
  • cfme-appliance-debuginfo-0:5.9.3.4-1.el7cf
  • cfme-appliance-tools-0:5.9.3.4-1.el7cf
  • cfme-debuginfo-0:5.9.3.4-1.el7cf
  • cfme-gemset-0:5.9.3.4-1.el7cf
  • cfme-gemset-debuginfo-0:5.9.3.4-1.el7cf
  • httpd-configmap-generator-0:0.2.2-1.1.el7cf
  • ansible-0:2.4.6.0-1.el7ae
  • ansible-0:2.4.6.0-1.el7ae