Vulnerabilities > CVE-2018-10874 - Unspecified vulnerability in Redhat products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
redhat
nessus

Summary

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2166.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.6.1) Security fix(es) : * ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874) * ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS). Bug Fix(es) : * Fix junos_config confirm commit timeout issue (https://github.com/ansible/ ansible/pull/41527) * file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. The patch to fix that broke check mode. This is now fixed (https://github.com/ansible/ansible/issues/42111) * inventory manager - This fixes required options being populated before the inventory config file is read, so the required options may be set in the config file. * nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209 * win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible /ansible/issues/41536 * win_group_membership - uses the internal Ansible SID conversion logic and uses that when comparing group membership instead of the name https:// github.com/ansible/ansible/issues/40649
    last seen2020-06-02
    modified2018-07-12
    plugin id111030
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111030
    titleRHEL 7 : ansible (RHSA-2018:2166)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:2166. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111030);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2018-10874", "CVE-2018-10875");
      script_xref(name:"RHSA", value:"2018:2166");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:2166)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for ansible is now available for Ansible Engine 2.6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.6.1)
    
    Security fix(es) :
    
    * ansible: Inventory variables are loaded from current working
    directory when running ad-hoc command that can lead to code execution
    (CVE-2018-10874)
    
    * ansible: ansible.cfg is being read from current working directory
    allowing possible code execution (CVE-2018-10875)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    This issue was discovered by Brian Coca (Red Hat), and Michael Scherer
    (OSAS).
    
    Bug Fix(es) :
    
    * Fix junos_config confirm commit timeout issue
    (https://github.com/ansible/ ansible/pull/41527)
    
    * file module - The touch subcommand had its diff output broken during
    the 2.6.x development cycle. The patch to fix that broke check mode.
    This is now fixed (https://github.com/ansible/ansible/issues/42111)
    
    * inventory manager - This fixes required options being populated
    before the inventory config file is read, so the required options may
    be set in the config file.
    
    * nsupdate - allow hmac-sha384
    https://github.com/ansible/ansible/pull/42209
    
    * win_domain - fixes typo in one of the AD cmdlets
    https://github.com/ansible /ansible/issues/41536
    
    * win_group_membership - uses the internal Ansible SID conversion
    logic and uses that when comparing group membership instead of the
    name https:// github.com/ansible/ansible/issues/40649"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:2166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10875"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:2166";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.6"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.6");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.6.1-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4072-1.NASL
    descriptionIt was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2019-07-25
    plugin id127043
    published2019-07-25
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127043
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : ansible vulnerabilities (USN-4072-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4072-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127043);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2017-7481", "CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16876", "CVE-2019-10156", "CVE-2019-3828");
      script_xref(name:"USN", value:"4072-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : ansible vulnerabilities (USN-4072-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was discovered that Ansible failed to properly handle sensitive
    information. A local attacker could use those vulnerabilities to
    extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837)
    (CVE-2018-16876) (CVE-2019-10156)
    
    It was discovered that Ansible could load configuration files from the
    current working directory containing crafted commands. An attacker
    could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875)
    
    It was discovered that Ansible fetch module had a path traversal
    vulnerability. A local attacker could copy and overwrite files outside
    of the specified destination. (CVE-2019-3828).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4072-1/"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"ansible", pkgver:"2.0.0.2-2ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"ansible", pkgver:"2.5.1+dfsg-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"ansible", pkgver:"2.7.8+dfsg-1ubuntu0.19.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-53790A5236.NASL
    descriptionUpdate to ansible 2.6.1 bugfix release. Fixes also 2 CVEs: CVE-2018-10874 and CVE-2018-10875 See https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELO G-v2.6.rst for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-07-24
    plugin id111240
    published2018-07-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111240
    titleFedora 27 : ansible (2018-53790a5236)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-53790a5236.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111240);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-10874", "CVE-2018-10875");
      script_xref(name:"FEDORA", value:"2018-53790a5236");
    
      script_name(english:"Fedora 27 : ansible (2018-53790a5236)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to ansible 2.6.1 bugfix release. Fixes also 2 CVEs:
    CVE-2018-10874 and CVE-2018-10875
    
    See
    https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELO
    G-v2.6.rst for full list of changes.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-53790a5236"
      );
      # https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bcd9b701"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"ansible-2.6.1-1.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2150.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.5.6) Security fix(es) : * ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874) * ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS). Bug Fix(es) : * Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases. * lineinfile - add warning when using an empty regexp (https://github.com/ ansible/ansible/issues/29443) * apt - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/ 41530) * copy module - fixed recursive copy with relative paths (https://github.com/ ansible/ansible/pull/40166) * correct debug display for all cases https://github.com/ansible/ansible/pull /41331 * eos_l2_interface - fix eapi (https://github.com/ansible/ansible/pull/42270) * group_by - support implicit localhost (https://github.com/ansible/ansible/ pull/41860) * influxdb_query - fixed the use of the common return
    last seen2020-06-02
    modified2018-07-12
    plugin id111026
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111026
    titleRHEL 7 : ansible (RHSA-2018:2150)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:2150. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111026);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2018-10874", "CVE-2018-10875");
      script_xref(name:"RHSA", value:"2018:2150");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:2150)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for ansible is now available for Ansible Engine 2.5.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.5.6)
    
    Security fix(es) :
    
    * ansible: Inventory variables are loaded from current working
    directory when running ad-hoc command that can lead to code execution
    (CVE-2018-10874)
    
    * ansible: ansible.cfg is being read from current working directory
    allowing possible code execution (CVE-2018-10875)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    This issue was discovered by Brian Coca (Red Hat), and Michael Scherer
    (OSAS).
    
    Bug Fix(es) :
    
    * Restore module_utils.basic.BOOLEANS variable for backwards
    compatibility with the module API in older ansible releases.
    
    * lineinfile - add warning when using an empty regexp
    (https://github.com/ ansible/ansible/issues/29443)
    
    * apt - fix apt-mark on debian6
    (https://github.com/ansible/ansible/pull/ 41530)
    
    * copy module - fixed recursive copy with relative paths
    (https://github.com/ ansible/ansible/pull/40166)
    
    * correct debug display for all cases
    https://github.com/ansible/ansible/pull /41331
    
    * eos_l2_interface - fix eapi
    (https://github.com/ansible/ansible/pull/42270)
    
    * group_by - support implicit localhost
    (https://github.com/ansible/ansible/ pull/41860)
    
    * influxdb_query - fixed the use of the common return 'results' caused
    an unexpected fault. The return is renamed to 'query_results'
    
    * junos_config - fix confirm commit timeout issue
    (https://github.com/ansible /ansible/pull/41527)
    
    * lineinfile - fix insertbefore when used with BOF to not insert
    duplicate lines (https://github.com/ansible/ansible/issues/38219)
    
    * nsupdate - allow hmac-sha384
    https://github.com/ansible/ansible/pull/42209
    
    * nxos_linkagg - fix issue
    (https://github.com/ansible/ansible/pull/41550).
    
    * nxos_vxlan_vtep_vni - fix issue
    (https://github.com/ansible/ansible/pull/ 42240)
    
    * uses correct conn info for reset_connection
    https://github.com/ansible/ ansible/issues/27520
    
    * correct service facts systemd detection of state
    https://github.com/ansible /ansible/issues/40809
    
    * correctly check hostvars for vars term
    https://github.com/ansible/ansible/ pull/41819
    
    * vyos_vlan - fix aggregate configuration issues
    (https://github.com/ansible/ ansible/pull/41638)
    
    * win_domain - fixes typo in one of the AD cmdlets
    https://github.com/ansible /ansible/issues/41536
    
    * win_iis_webapppool - redirect some module output to null so Ansible
    can read the output JSON
    https://github.com/ansible/ansible/issues/40874
    
    * win_updates - Fixed issue where running win_updates on async fails
    without any error
    
    * winrm - ensure pexpect is set to not echo the input on a failure and
    have a manual sanity check afterwards
    https://github.com/ansible/ansible/issues/ 41865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:2150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10875"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible and / or ansible-doc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:2150";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.5"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.5");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.5.6-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ansible-doc-2.5.6-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible / ansible-doc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2321.NASL
    descriptionAn update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-02
    modified2018-08-02
    plugin id111515
    published2018-08-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111515
    titleRHEL 7 : Virtualization (RHSA-2018:2321)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:2321. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111515);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2018-10874", "CVE-2018-10875");
      script_xref(name:"RHSA", value:"2018:2321");
    
      script_name(english:"RHEL 7 : Virtualization (RHSA-2018:2321)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for redhat-virtualization-host is now available for Red Hat
    Virtualization 4 for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The redhat-virtualization-host packages provide the Red Hat
    Virtualization Host. These packages include
    redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.
    Red Hat Virtualization Hosts (RHVH) are installed using a special
    build of Red Hat Enterprise Linux with only the packages required to
    host virtual machines. RHVH features a Cockpit user interface for
    monitoring the host's resources and performing administrative tasks.
    
    The ovirt-node-ng packages provide the Red Hat Virtualization Host.
    These packages include redhat-release-virtualization-host, ovirt-node,
    and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed
    using a special build of Red Hat Enterprise Linux with only the
    packages required to host virtual machines. RHVH features a Cockpit
    user interface for monitoring the host's resources and performing
    administrative tasks.
    
    The following packages have been upgraded to a later upstream version:
    imgbased (1.0.22), redhat-release-virtualization-host (4.2),
    redhat-virtualization-host (4.2). (BZ#1596545, BZ#1607722, BZ#1607723)
    
    Security Fix(es) :
    
    * ansible: Inventory variables are loaded from current working
    directory when running ad-hoc command that can lead to code execution
    (CVE-2018-10874)
    
    * ansible: ansible.cfg is being read from current working directory
    allowing possible code execution (CVE-2018-10875)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank Michael Scherer (OSAS) for reporting
    CVE-2018-10874. The CVE-2018-10875 issue was discovered by Brian Coca
    (Red Hat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:2321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10875"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:imgbased");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-imgbased");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:2321";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"redhat-virtualization-host-image-update-4.2"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Virtualization");
    
      if (rpm_check(release:"RHEL7", reference:"imgbased-1.0.22-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"python-imgbased-1.0.22-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"redhat-release-virtualization-host-4.2-5.0.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"redhat-virtualization-host-image-update-4.2-20180724.0.el7_5")) flag++;
      if (rpm_check(release:"RHEL7", reference:"redhat-virtualization-host-image-update-placeholder-4.2-5.0.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imgbased / python-imgbased / redhat-release-virtualization-host / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2151.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.6.1) Security fix(es) : * ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874) * ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS). Bug Fix(es) : * Fix junos_config confirm commit timeout issue (https://github.com/ansible/ ansible/pull/41527) * file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. The patch to fix that broke check mode. This is now fixed (https://github.com/ansible/ansible/issues/42111) * inventory manager - This fixes required options being populated before the inventory config file is read, so the required options may be set in the config file. * nsupdate - allow hmac-sha384 https://github.com/ansible/ansible/pull/42209 * win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible /ansible/issues/41536 * win_group_membership - uses the internal Ansible SID conversion logic and uses that when comparing group membership instead of the name https:// github.com/ansible/ansible/issues/40649
    last seen2020-06-02
    modified2018-07-12
    plugin id111027
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111027
    titleRHEL 7 : ansible (RHSA-2018:2151)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:2151. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111027);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2018-10874", "CVE-2018-10875");
      script_xref(name:"RHSA", value:"2018:2151");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:2151)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for ansible is now available for Ansible Engine 2.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.6.1)
    
    Security fix(es) :
    
    * ansible: Inventory variables are loaded from current working
    directory when running ad-hoc command that can lead to code execution
    (CVE-2018-10874)
    
    * ansible: ansible.cfg is being read from current working directory
    allowing possible code execution (CVE-2018-10875)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    This issue was discovered by Brian Coca (Red Hat), and Michael Scherer
    (OSAS).
    
    Bug Fix(es) :
    
    * Fix junos_config confirm commit timeout issue
    (https://github.com/ansible/ ansible/pull/41527)
    
    * file module - The touch subcommand had its diff output broken during
    the 2.6.x development cycle. The patch to fix that broke check mode.
    This is now fixed (https://github.com/ansible/ansible/issues/42111)
    
    * inventory manager - This fixes required options being populated
    before the inventory config file is read, so the required options may
    be set in the config file.
    
    * nsupdate - allow hmac-sha384
    https://github.com/ansible/ansible/pull/42209
    
    * win_domain - fixes typo in one of the AD cmdlets
    https://github.com/ansible /ansible/issues/41536
    
    * win_group_membership - uses the internal Ansible SID conversion
    logic and uses that when comparing group membership instead of the
    name https:// github.com/ansible/ansible/issues/40649"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:2151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10875"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:2151";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.6"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.6");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.6.1-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-1D2BC76093.NASL
    descriptionUpdate to ansible 2.6.1 bugfix release. Fixes also 2 CVEs: CVE-2018-10874 and CVE-2018-10875 See https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELO G-v2.6.rst for full list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120275
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120275
    titleFedora 28 : ansible (2018-1d2bc76093)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2152.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.4.6) Security fix(es) : * ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution (CVE-2018-10874) * ansible: ansible.cfg is being read from current working directory allowing possible code execution (CVE-2018-10875) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Brian Coca (Red Hat), and Michael Scherer (OSAS).
    last seen2020-06-02
    modified2018-07-12
    plugin id111028
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111028
    titleRHEL 7 : ansible (RHSA-2018:2152)

Redhat

advisories
  • rhsa
    idRHBA-2018:3788
  • rhsa
    idRHSA-2018:2150
  • rhsa
    idRHSA-2018:2151
  • rhsa
    idRHSA-2018:2152
  • rhsa
    idRHSA-2018:2166
  • rhsa
    idRHSA-2018:2321
  • rhsa
    idRHSA-2018:2585
  • rhsa
    idRHSA-2019:0054
rpms
  • ansible-0:2.4.6.0-1.el7ae
  • ansible-role-redhat-subscription-0:1.0.1-4.el7ost
  • ansible-0:2.5.6-1.el7ae
  • ansible-doc-0:2.5.6-1.el7ae
  • ansible-0:2.6.1-1.el7ae
  • ansible-0:2.4.6.0-1.el7ae
  • ansible-doc-0:2.4.6.0-1.el7ae
  • ansible-0:2.6.1-1.el7ae
  • imgbased-0:1.0.22-1.el7ev
  • python-imgbased-0:1.0.22-1.el7ev
  • redhat-release-virtualization-host-0:4.2-5.0.el7
  • redhat-virtualization-host-image-update-0:4.2-20180724.0.el7_5
  • redhat-virtualization-host-image-update-placeholder-0:4.2-5.0.el7
  • ansible-0:2.4.6.0-1.el7ae
  • ansible-0:2.4.6.0-1.el7ae