Vulnerabilities > CVE-2018-16859 - Information Exposure Through Log Files vulnerability in Redhat Ansible Engine

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
redhat
CWE-532
nessus

Summary

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.

Vulnerable Configurations

Part Description Count
Application
Redhat
180

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fuzzing and observing application log data/errors for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1125.NASL
    descriptionThis update for ansible to version 2.7.8 fixes the following issues : Security issues fixed: 	 - CVE-2018-16837: Fixed an information leak in user module (bsc#1112959). - CVE-2018-16859: Fixed an issue which clould allow logging of password in plaintext in Windows powerShell (bsc#1116587). - CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503). - CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808). - CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896). Other issues addressed : - prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957) Release notes: https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELO G-v2.7.rst#id1
    last seen2020-05-31
    modified2019-04-03
    plugin id123669
    published2019-04-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123669
    titleopenSUSE Security Update : ansible (openSUSE-2019-1125)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1125.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123669);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16859", "CVE-2018-16876", "CVE-2019-3828");
    
      script_name(english:"openSUSE Security Update : ansible (openSUSE-2019-1125)");
      script_summary(english:"Check for the openSUSE-2019-1125 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for ansible to version 2.7.8 fixes the following issues :
    
    Security issues fixed: 	 
    
      - CVE-2018-16837: Fixed an information leak in user module
        (bsc#1112959).
    
      - CVE-2018-16859: Fixed an issue which clould allow
        logging of password in plaintext in Windows powerShell
        (bsc#1116587).
    
      - CVE-2019-3828: Fixed a path traversal vulnerability in
        fetch module (bsc#1126503).
    
      - CVE-2018-10875: Fixed a potential code execution in
        ansible.cfg (bsc#1099808).
    
      - CVE-2018-16876: Fixed an issue which could allow
        information disclosure in vvv+ mode with no_log on
        (bsc#1118896).
    
    Other issues addressed :
    
      - prepare update to 2.7.8 for multiple releases
        (boo#1102126, boo#1109957)
    
    Release notes:
    https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELO
    G-v2.7.rst#id1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102126"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109957"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112959"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126503"
      );
      # https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?38ee3bd6"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"ansible-2.7.8-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1635.NASL
    descriptionThis update for ansible fixes the following issues : Ansible was updated to version 2.8.1 : Full changelog is at /usr/share/doc/packages/ansible/changelogs/ - Bugfixes - ACI - DO not encode query_string - ACI modules - Fix non-signature authentication - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading - Fix
    last seen2020-05-31
    modified2019-06-28
    plugin id126326
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126326
    titleopenSUSE Security Update : ansible (openSUSE-2019-1635)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1635.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126326);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2018-16837", "CVE-2018-16859", "CVE-2018-16876", "CVE-2019-3828");
    
      script_name(english:"openSUSE Security Update : ansible (openSUSE-2019-1635)");
      script_summary(english:"Check for the openSUSE-2019-1635 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for ansible fixes the following issues :
    
    Ansible was updated to version 2.8.1 :
    
    Full changelog is at /usr/share/doc/packages/ansible/changelogs/
    
      - Bugfixes
    
      - ACI - DO not encode query_string
    
      - ACI modules - Fix non-signature authentication
    
      - Add missing directory provided via ``--playbook-dir`` to
        adjacent collection loading
    
      - Fix 'Interface not found' errors when using
        eos_l2_interface with non-existent interfaces configured
    
      - Fix cannot get credential when `source_auth` set to
        `credential_file`.
    
      - Fix netconf_config backup string issue
    
      - Fix privilege escalation support for the docker
        connection plugin when credentials need to be supplied
        (e.g. sudo with password).
    
      - Fix vyos cli prompt inspection
    
      - Fixed loading namespaced documentation fragments from
        collections.
    
      - Fixing bug came up after running cnos_vrf module against
        coverity.
    
      - Properly handle data importer failures on PVC creation,
        instead of timing out.
    
      - To fix the ios static route TC failure in CI
    
      - To fix the nios member module params
    
      - To fix the nios_zone module idempotency failure
    
      - add terminal initial prompt for initial connection
    
      - allow include_role to work with ansible command
    
      - allow python_requirements_facts to report on
        dependencies containing dashes
    
      - asa_config fix
    
      - azure_rm_roledefinition - fix a small error in build
        scope.
    
      - azure_rm_virtualnetworkpeering - fix cross subscriptions
        virtual network peering.
    
      - cgroup_perf_recap - When not using file_per_task, make
        sure we don't prematurely close the perf files
    
      - display underlying error when reporting an invalid
        ``tasks:`` block.
    
      - dnf - fix wildcard matching for state: absent
    
      - docker connection plugin - accept version ``dev`` as
        'newest version' and print warning.
    
      - docker_container - ``oom_killer`` and ``oom_score_adj``
        options are available since docker-py 1.8.0, not 2.0.0
        as assumed by the version check.
    
      - docker_container - fix network creation when
        ``networks_cli_compatible`` is enabled.
    
      - docker_container - use docker API's ``restart`` instead
        of ``stop``/``start`` to restart a container.
    
      - docker_image - if ``build`` was not specified, the wrong
        default for ``build.rm`` is used.
    
      - docker_image - if ``nocache`` set to ``yes`` but not
        ``build.nocache``, the module failed.
    
      - docker_image - module failed when ``source: build`` was
        set but ``build.path`` options not specified.
    
      - docker_network module - fix idempotency when using
        ``aux_addresses`` in ``ipam_config``.
    
      - ec2_instance - make Name tag idempotent
    
      - eos: don't fail modules without become set, instead show
        message and continue
    
      - eos_config: check for session support when asked to
        'diff_against: session'
    
      - eos_eapi: fix idempotency issues when vrf was
        unspecified.
    
      - fix bugs for ce - more info see
    
      - fix incorrect uses of to_native that should be to_text
        instead.
    
      - hcloud_volume - Fix idempotency when attaching a server
        to a volume.
    
      - ibm_storage - Added a check for null fields in
        ibm_storage utils module.
    
      - include_tasks - whitelist ``listen`` as a valid keyword
    
      - k8s - resource updates applied with force work correctly
        now
    
      - keep results subset also when not no_log.
    
      - meraki_switchport - improve reliability with native VLAN
        functionality.
    
      - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap
        secret size and clearing functionality
    
      - netapp_e_volumes - fix workload profileId indexing when
        no previous workload tags exist on the storage array.
    
      - nxos_acl some platforms/versions raise when no ACLs are
        present
    
      - nxos_facts fix
        <https://github.com/ansible/ansible/pull/57009>
    
      - nxos_file_copy fix passwordless workflow
    
      - nxos_interface Fix admin_state check for n6k
    
      - nxos_snmp_traps fix group all for N35 platforms
    
      - nxos_snmp_user fix platform fixes for get_snmp_user
    
      - nxos_vlan mode idempotence bug
    
      - nxos_vlan vlan names containing regex ctl chars should
        be escaped
    
      - nxos_vtp_* modules fix n6k issues
    
      - openssl_certificate - fix private key passphrase
        handling for ``cryptography`` backend.
    
      - openssl_pkcs12 - fixes crash when private key has a
        passphrase and the module is run a second time.
    
      - os_stack - Apply tags conditionally so that the module
        does not throw up an error when using an older distro of
        openstacksdk
    
      - pass correct loading context to persistent connections
        other than local
    
      - pkg_mgr - Ansible 2.8.0 failing to install yum packages
        on Amazon Linux
    
      - postgresql - added initial SSL related tests
    
      - postgresql - added missing_required_libs, removed excess
        param mapping
    
      - postgresql - move connect_to_db and get_pg_version into
        module_utils/postgres.py
        (https://github.com/ansible/ansible/pull/55514)
    
      - postgresql_db - add note to the documentation about
        state dump and the incorrect rc
        (https://github.com/ansible/ansible/pull/57297)
    
      - postgresql_db - fix for postgresql_db fails if stderr
        contains output
    
      - postgresql_ping - fixed a typo in the module
        documentation
    
      - preserve actual ssh error when we cannot connect.
    
      - route53_facts - the module did not advertise check mode
        support, causing it not to be run in check mode.
    
      - sysctl: the module now also checks the output of STDERR
        to report if values are correctly set
        (https://github.com/ansible/ansible/pull/55695)
    
      - ufw - correctly check status when logging is off
    
      - uri - always return a value for status even during
        failure
    
      - urls - Handle redirects properly for IPv6 address by not
        splitting on ``:`` and rely on already parsed hostname
        and port values
    
      - vmware_vm_facts - fix the support with regular ESXi
    
      - vyos_interface fix
        <https://github.com/ansible/ansible/pull/57169>
    
      - we don't really need to template vars on definition as
        we do this on demand in templating.
    
      - win_acl - Fix qualifier parser when using UNC paths -
    
      - win_hostname - Fix non netbios compliant name handling
    
      - winrm - Fix issue when attempting to parse CLIXML on
        send input failure
    
      - xenserver_guest - fixed an issue where VM whould be
        powered off even though check mode is used if
        reconfiguration requires VM to be powered off.
    
      - xenserver_guest - proper error message is shown when
        maximum number of network interfaces is reached and
        multiple network interfaces are added at once.
    
      - yum - Fix false error message about autoremove not being
        supported
    
      - yum - fix failure when using ``update_cache`` standalone
    
      - yum - handle special '_none_' value for proxy in
        yum.conf and .repo files
    
    Update to version 2.8.0
    
    Major changes :
    
      - Experimental support for Ansible Collections and content
        namespacing - Ansible content can now be packaged in a
        collection and addressed via namespaces. This allows for
        easier sharing, distribution, and installation of
        bundled modules/roles/plugins, and consistent rules for
        accessing specific content via namespaces.
    
      - Python interpreter discovery - The first time a Python
        module runs on a target, Ansible will attempt to
        discover the proper default Python interpreter to use
        for the target platform/version (instead of immediately
        defaulting to /usr/bin/python). You can override this
        behavior by setting ansible_python_interpreter or via
        config. (see
        https://github.com/ansible/ansible/pull/50163)
    
      - become - The deprecated CLI arguments for --sudo,
        --sudo-user,
    
        --ask-sudo-pass, -su, --su-user, and --ask-su-pass have
        been removed, in favor of the more generic --become,
        --become-user, --become-method, and
    
        --ask-become-pass.
    
      - become - become functionality has been migrated to a
        plugin architecture, to allow customization of become
        functionality and 3rd party become methods
        (https://github.com/ansible/ansible/pull/50991)
    
      - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828,
        CVE-2018-16837
    
    For the full changelog see /usr/share/doc/packages/ansible/changelogs
    or online:
    https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELO
    G-v2.8.rst"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109957"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112959"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126503"
      );
      # https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?038dc6b5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/50163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/50991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/55514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/55695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/57009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/57169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/57297"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"ansible-2.8.1-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ansible-2.8.1-lp151.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3772.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.7.4) Security fix(es) : * ansible: become password logged in plaintext when used with PowerShell on Windows (CVE-2018-16859) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Igor Turovsky for reporting this issue. Bug Fix(es) : See https://github.com/ansible/ansible/blob/v2.7.4/changelogs/ CHANGELOG-v2.7.rst for details on bug fixes in this release.
    last seen2020-05-19
    modified2018-12-07
    plugin id119487
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119487
    titleRHEL 7 : ansible (RHSA-2018:3772)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3772. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119487);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/18");
    
      script_cve_id("CVE-2018-16859");
      script_xref(name:"RHSA", value:"2018:3772");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:3772)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ansible is now available for Ansible Engine 2.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.7.4)
    
    Security fix(es) :
    
    * ansible: become password logged in plaintext when used with
    PowerShell on Windows (CVE-2018-16859)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank Igor Turovsky for reporting this issue.
    
    Bug Fix(es) :
    
    See https://github.com/ansible/ansible/blob/v2.7.4/changelogs/
    CHANGELOG-v2.7.rst for details on bug fixes in this release."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3772"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16859"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3772";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.[0-4]"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.0 - 2.4");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.7.4-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3771.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.6.10) Security fix(es) : * ansible: become password logged in plaintext when used with PowerShell on Windows (CVE-2018-16859) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Igor Turovsky for reporting this issue. Bug Fix(es) : See https://github.com/ansible/ansible/blob/v2.6.10/changelogs/ CHANGELOG-v2.6.rst for details on bug fixes in this release.
    last seen2020-05-22
    modified2018-12-07
    plugin id119486
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119486
    titleRHEL 7 : ansible (RHSA-2018:3771)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3773.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.7.4) Security fix(es) : * ansible: become password logged in plaintext when used with PowerShell on Windows (CVE-2018-16859) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Igor Turovsky for reporting this issue. Bug Fix(es) : See https://github.com/ansible/ansible/blob/v2.7.4/changelogs/ CHANGELOG-v2.7.rst for details on bug fixes in this release.
    last seen2020-05-19
    modified2018-12-07
    plugin id119488
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119488
    titleRHEL 7 : ansible (RHSA-2018:3773)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3770.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.5.13) Security fix(es) : * ansible: become password logged in plaintext when used with PowerShell on Windows (CVE-2018-16859) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Igor Turovsky for reporting this issue. Bug Fix(es) : See https://github.com/ansible/ansible/blob/v2.5.13/changelogs/ CHANGELOG-v2.5.rst for details on bug fixes in this release.
    last seen2020-05-22
    modified2018-12-07
    plugin id119485
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119485
    titleRHEL 7 : ansible (RHSA-2018:3770)

Redhat

advisories
  • rhsa
    idRHSA-2018:3770
  • rhsa
    idRHSA-2018:3771
  • rhsa
    idRHSA-2018:3772
  • rhsa
    idRHSA-2018:3773
rpms
  • ansible-0:2.5.13-1.el7ae
  • ansible-doc-0:2.5.13-1.el7ae
  • ansible-0:2.6.10-1.el7ae
  • ansible-0:2.7.4-1.el7ae
  • ansible-0:2.7.4-1.el7ae