Vulnerabilities > CVE-2018-16876 - Information Exposure vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
high complexity
redhat
debian
suse
canonical
CWE-200
nessus

Summary

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4396.NASL
    descriptionSeveral vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : - CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn
    last seen2020-05-31
    modified2019-02-20
    plugin id122321
    published2019-02-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122321
    titleDebian DSA-4396-1 : ansible - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4396. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122321);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2018-10855", "CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16876", "CVE-2019-3828");
      script_xref(name:"DSA", value:"4396");
    
      script_name(english:"Debian DSA-4396-1 : ansible - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several vulnerabilities have been found in Ansible, a configuration
    management, deployment, and task execution system :
    
      - CVE-2018-10855/ CVE-2018-16876
        The no_log task flag wasn't honored, resulting in an
        information leak.
    
      - CVE-2018-10875
        ansible.cfg was read from the current working directory.
    
      - CVE-2018-16837
        The user module leaked parameters passed to ssh-keygen
        to the process environment.
    
      - CVE-2019-3828
        The fetch module was susceptible to path traversal."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-10855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-16876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-10875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-16837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-3828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/ansible"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/ansible"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4396"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the ansible packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 2.2.1.0-2+deb9u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"ansible", reference:"2.2.1.0-2+deb9u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-615705632D.NASL
    descriptionUpdate to 2.7.5 bugfix release. Fix for CVE-2018-16876 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120466
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120466
    titleFedora 28 : ansible (2018-615705632d)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-615705632d.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120466);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-16876");
      script_xref(name:"FEDORA", value:"2018-615705632d");
    
      script_name(english:"Fedora 28 : ansible (2018-615705632d)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 2.7.5 bugfix release. Fix for CVE-2018-16876
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-615705632d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"ansible-2.7.5-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1125.NASL
    descriptionThis update for ansible to version 2.7.8 fixes the following issues : Security issues fixed: &#9; - CVE-2018-16837: Fixed an information leak in user module (bsc#1112959). - CVE-2018-16859: Fixed an issue which clould allow logging of password in plaintext in Windows powerShell (bsc#1116587). - CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503). - CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808). - CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896). Other issues addressed : - prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957) Release notes: https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELO G-v2.7.rst#id1
    last seen2020-05-31
    modified2019-04-03
    plugin id123669
    published2019-04-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123669
    titleopenSUSE Security Update : ansible (openSUSE-2019-1125)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1125.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123669);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16859", "CVE-2018-16876", "CVE-2019-3828");
    
      script_name(english:"openSUSE Security Update : ansible (openSUSE-2019-1125)");
      script_summary(english:"Check for the openSUSE-2019-1125 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for ansible to version 2.7.8 fixes the following issues :
    
    Security issues fixed: &#9; 
    
      - CVE-2018-16837: Fixed an information leak in user module
        (bsc#1112959).
    
      - CVE-2018-16859: Fixed an issue which clould allow
        logging of password in plaintext in Windows powerShell
        (bsc#1116587).
    
      - CVE-2019-3828: Fixed a path traversal vulnerability in
        fetch module (bsc#1126503).
    
      - CVE-2018-10875: Fixed a potential code execution in
        ansible.cfg (bsc#1099808).
    
      - CVE-2018-16876: Fixed an issue which could allow
        information disclosure in vvv+ mode with no_log on
        (bsc#1118896).
    
    Other issues addressed :
    
      - prepare update to 2.7.8 for multiple releases
        (boo#1102126, boo#1109957)
    
    Release notes:
    https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELO
    G-v2.7.rst#id1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102126"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109957"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112959"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126503"
      );
      # https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?38ee3bd6"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"ansible-2.7.8-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4072-1.NASL
    descriptionIt was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2019-07-25
    plugin id127043
    published2019-07-25
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127043
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : ansible vulnerabilities (USN-4072-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4072-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127043);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2017-7481", "CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16876", "CVE-2019-10156", "CVE-2019-3828");
      script_xref(name:"USN", value:"4072-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : ansible vulnerabilities (USN-4072-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was discovered that Ansible failed to properly handle sensitive
    information. A local attacker could use those vulnerabilities to
    extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837)
    (CVE-2018-16876) (CVE-2019-10156)
    
    It was discovered that Ansible could load configuration files from the
    current working directory containing crafted commands. An attacker
    could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875)
    
    It was discovered that Ansible fetch module had a path traversal
    vulnerability. A local attacker could copy and overwrite files outside
    of the specified destination. (CVE-2019-3828).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4072-1/"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"ansible", pkgver:"2.0.0.2-2ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"ansible", pkgver:"2.5.1+dfsg-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"ansible", pkgver:"2.7.8+dfsg-1ubuntu0.19.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0152_ANSIBLE.NASL
    descriptionAn update of the ansible package has been released.
    last seen2020-05-31
    modified2019-06-25
    plugin id126212
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126212
    titlePhoton OS 2.0: Ansible PHSA-2019-2.0-0152
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0152. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(126212);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/27");
    
      script_cve_id("CVE-2018-16876", "CVE-2019-3828");
    
      script_name(english:"Photon OS 2.0: Ansible PHSA-2019-2.0-0152");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the ansible package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-152.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16876");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"ansible-2.7.9-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3838.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.7.5) Security fix(es) : * ansible: information disclosure in vvv+ mode with no_log on (CVE-2018-16876) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : See https://github.com/ansible/ansible/blob/v2.7.5/changelogs/ CHANGELOG-v2.7.rst for details on bug fixes in this release.
    last seen2020-03-28
    modified2018-12-20
    plugin id119800
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119800
    titleRHEL 7 : ansible (RHSA-2018:3838)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3838. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119800);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
    
      script_cve_id("CVE-2018-16876");
      script_xref(name:"RHSA", value:"2018:3838");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:3838)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ansible is now available for Ansible Engine 2.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.7.5)
    
    Security fix(es) :
    
    * ansible: information disclosure in vvv+ mode with no_log on
    (CVE-2018-16876)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Bug Fix(es) :
    
    See https://github.com/ansible/ansible/blob/v2.7.5/changelogs/
    CHANGELOG-v2.7.rst for details on bug fixes in this release."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16876"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3838";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.[0-4]"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.0 - 2.4");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.7.5-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1635.NASL
    descriptionThis update for ansible fixes the following issues : Ansible was updated to version 2.8.1 : Full changelog is at /usr/share/doc/packages/ansible/changelogs/ - Bugfixes - ACI - DO not encode query_string - ACI modules - Fix non-signature authentication - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading - Fix
    last seen2020-05-31
    modified2019-06-28
    plugin id126326
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126326
    titleopenSUSE Security Update : ansible (openSUSE-2019-1635)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1635.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126326);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2018-16837", "CVE-2018-16859", "CVE-2018-16876", "CVE-2019-3828");
    
      script_name(english:"openSUSE Security Update : ansible (openSUSE-2019-1635)");
      script_summary(english:"Check for the openSUSE-2019-1635 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for ansible fixes the following issues :
    
    Ansible was updated to version 2.8.1 :
    
    Full changelog is at /usr/share/doc/packages/ansible/changelogs/
    
      - Bugfixes
    
      - ACI - DO not encode query_string
    
      - ACI modules - Fix non-signature authentication
    
      - Add missing directory provided via ``--playbook-dir`` to
        adjacent collection loading
    
      - Fix 'Interface not found' errors when using
        eos_l2_interface with non-existent interfaces configured
    
      - Fix cannot get credential when `source_auth` set to
        `credential_file`.
    
      - Fix netconf_config backup string issue
    
      - Fix privilege escalation support for the docker
        connection plugin when credentials need to be supplied
        (e.g. sudo with password).
    
      - Fix vyos cli prompt inspection
    
      - Fixed loading namespaced documentation fragments from
        collections.
    
      - Fixing bug came up after running cnos_vrf module against
        coverity.
    
      - Properly handle data importer failures on PVC creation,
        instead of timing out.
    
      - To fix the ios static route TC failure in CI
    
      - To fix the nios member module params
    
      - To fix the nios_zone module idempotency failure
    
      - add terminal initial prompt for initial connection
    
      - allow include_role to work with ansible command
    
      - allow python_requirements_facts to report on
        dependencies containing dashes
    
      - asa_config fix
    
      - azure_rm_roledefinition - fix a small error in build
        scope.
    
      - azure_rm_virtualnetworkpeering - fix cross subscriptions
        virtual network peering.
    
      - cgroup_perf_recap - When not using file_per_task, make
        sure we don't prematurely close the perf files
    
      - display underlying error when reporting an invalid
        ``tasks:`` block.
    
      - dnf - fix wildcard matching for state: absent
    
      - docker connection plugin - accept version ``dev`` as
        'newest version' and print warning.
    
      - docker_container - ``oom_killer`` and ``oom_score_adj``
        options are available since docker-py 1.8.0, not 2.0.0
        as assumed by the version check.
    
      - docker_container - fix network creation when
        ``networks_cli_compatible`` is enabled.
    
      - docker_container - use docker API's ``restart`` instead
        of ``stop``/``start`` to restart a container.
    
      - docker_image - if ``build`` was not specified, the wrong
        default for ``build.rm`` is used.
    
      - docker_image - if ``nocache`` set to ``yes`` but not
        ``build.nocache``, the module failed.
    
      - docker_image - module failed when ``source: build`` was
        set but ``build.path`` options not specified.
    
      - docker_network module - fix idempotency when using
        ``aux_addresses`` in ``ipam_config``.
    
      - ec2_instance - make Name tag idempotent
    
      - eos: don't fail modules without become set, instead show
        message and continue
    
      - eos_config: check for session support when asked to
        'diff_against: session'
    
      - eos_eapi: fix idempotency issues when vrf was
        unspecified.
    
      - fix bugs for ce - more info see
    
      - fix incorrect uses of to_native that should be to_text
        instead.
    
      - hcloud_volume - Fix idempotency when attaching a server
        to a volume.
    
      - ibm_storage - Added a check for null fields in
        ibm_storage utils module.
    
      - include_tasks - whitelist ``listen`` as a valid keyword
    
      - k8s - resource updates applied with force work correctly
        now
    
      - keep results subset also when not no_log.
    
      - meraki_switchport - improve reliability with native VLAN
        functionality.
    
      - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap
        secret size and clearing functionality
    
      - netapp_e_volumes - fix workload profileId indexing when
        no previous workload tags exist on the storage array.
    
      - nxos_acl some platforms/versions raise when no ACLs are
        present
    
      - nxos_facts fix
        <https://github.com/ansible/ansible/pull/57009>
    
      - nxos_file_copy fix passwordless workflow
    
      - nxos_interface Fix admin_state check for n6k
    
      - nxos_snmp_traps fix group all for N35 platforms
    
      - nxos_snmp_user fix platform fixes for get_snmp_user
    
      - nxos_vlan mode idempotence bug
    
      - nxos_vlan vlan names containing regex ctl chars should
        be escaped
    
      - nxos_vtp_* modules fix n6k issues
    
      - openssl_certificate - fix private key passphrase
        handling for ``cryptography`` backend.
    
      - openssl_pkcs12 - fixes crash when private key has a
        passphrase and the module is run a second time.
    
      - os_stack - Apply tags conditionally so that the module
        does not throw up an error when using an older distro of
        openstacksdk
    
      - pass correct loading context to persistent connections
        other than local
    
      - pkg_mgr - Ansible 2.8.0 failing to install yum packages
        on Amazon Linux
    
      - postgresql - added initial SSL related tests
    
      - postgresql - added missing_required_libs, removed excess
        param mapping
    
      - postgresql - move connect_to_db and get_pg_version into
        module_utils/postgres.py
        (https://github.com/ansible/ansible/pull/55514)
    
      - postgresql_db - add note to the documentation about
        state dump and the incorrect rc
        (https://github.com/ansible/ansible/pull/57297)
    
      - postgresql_db - fix for postgresql_db fails if stderr
        contains output
    
      - postgresql_ping - fixed a typo in the module
        documentation
    
      - preserve actual ssh error when we cannot connect.
    
      - route53_facts - the module did not advertise check mode
        support, causing it not to be run in check mode.
    
      - sysctl: the module now also checks the output of STDERR
        to report if values are correctly set
        (https://github.com/ansible/ansible/pull/55695)
    
      - ufw - correctly check status when logging is off
    
      - uri - always return a value for status even during
        failure
    
      - urls - Handle redirects properly for IPv6 address by not
        splitting on ``:`` and rely on already parsed hostname
        and port values
    
      - vmware_vm_facts - fix the support with regular ESXi
    
      - vyos_interface fix
        <https://github.com/ansible/ansible/pull/57169>
    
      - we don't really need to template vars on definition as
        we do this on demand in templating.
    
      - win_acl - Fix qualifier parser when using UNC paths -
    
      - win_hostname - Fix non netbios compliant name handling
    
      - winrm - Fix issue when attempting to parse CLIXML on
        send input failure
    
      - xenserver_guest - fixed an issue where VM whould be
        powered off even though check mode is used if
        reconfiguration requires VM to be powered off.
    
      - xenserver_guest - proper error message is shown when
        maximum number of network interfaces is reached and
        multiple network interfaces are added at once.
    
      - yum - Fix false error message about autoremove not being
        supported
    
      - yum - fix failure when using ``update_cache`` standalone
    
      - yum - handle special '_none_' value for proxy in
        yum.conf and .repo files
    
    Update to version 2.8.0
    
    Major changes :
    
      - Experimental support for Ansible Collections and content
        namespacing - Ansible content can now be packaged in a
        collection and addressed via namespaces. This allows for
        easier sharing, distribution, and installation of
        bundled modules/roles/plugins, and consistent rules for
        accessing specific content via namespaces.
    
      - Python interpreter discovery - The first time a Python
        module runs on a target, Ansible will attempt to
        discover the proper default Python interpreter to use
        for the target platform/version (instead of immediately
        defaulting to /usr/bin/python). You can override this
        behavior by setting ansible_python_interpreter or via
        config. (see
        https://github.com/ansible/ansible/pull/50163)
    
      - become - The deprecated CLI arguments for --sudo,
        --sudo-user,
    
        --ask-sudo-pass, -su, --su-user, and --ask-su-pass have
        been removed, in favor of the more generic --become,
        --become-user, --become-method, and
    
        --ask-become-pass.
    
      - become - become functionality has been migrated to a
        plugin architecture, to allow customization of become
        functionality and 3rd party become methods
        (https://github.com/ansible/ansible/pull/50991)
    
      - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828,
        CVE-2018-16837
    
    For the full changelog see /usr/share/doc/packages/ansible/changelogs
    or online:
    https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELO
    G-v2.8.rst"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109957"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112959"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126503"
      );
      # https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?038dc6b5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/50163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/50991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/55514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/55695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/57009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/57169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/ansible/ansible/pull/57297"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"ansible-2.8.1-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ansible-2.8.1-lp151.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-AF82E7C863.NASL
    descriptionUpdate to 2.7.5 bugfix release. Fix for CVE-2018-16876 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120709
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120709
    titleFedora 29 : ansible (2018-af82e7c863)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-af82e7c863.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120709);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-16876");
      script_xref(name:"FEDORA", value:"2018-af82e7c863");
    
      script_name(english:"Fedora 29 : ansible (2018-af82e7c863)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 2.7.5 bugfix release. Fix for CVE-2018-16876
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-af82e7c863"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"ansible-2.7.5-1.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3835.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.5.14) Security fix(es) : * ansible: information disclosure in vvv+ mode with no_log on (CVE-2018-16876) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : See https://github.com/ansible/ansible/blob/v2.5.14/changelogs/ CHANGELOG-v2.5.rst for details on bug fixes in this release.
    last seen2020-03-28
    modified2018-12-20
    plugin id119797
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119797
    titleRHEL 7 : ansible (RHSA-2018:3835)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3835. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119797);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
    
      script_cve_id("CVE-2018-16876");
      script_xref(name:"RHSA", value:"2018:3835");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:3835)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ansible is now available for Ansible Engine 2.5.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.5.14)
    
    Security fix(es) :
    
    * ansible: information disclosure in vvv+ mode with no_log on
    (CVE-2018-16876)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Bug Fix(es) :
    
    See https://github.com/ansible/ansible/blob/v2.5.14/changelogs/
    CHANGELOG-v2.5.rst for details on bug fixes in this release."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16876"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible and / or ansible-doc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3835";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.5"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.5");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.5.14-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ansible-doc-2.5.14-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible / ansible-doc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3836.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.6.11) Security fix(es) : * ansible: information disclosure in vvv+ mode with no_log on (CVE-2018-16876) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : See https://github.com/ansible/ansible/blob/v2.6.11/changelogs/ CHANGELOG-v2.6.rst for details on bug fixes in this release.
    last seen2020-03-28
    modified2018-12-20
    plugin id119798
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119798
    titleRHEL 7 : ansible (RHSA-2018:3836)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3836. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119798);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
    
      script_cve_id("CVE-2018-16876");
      script_xref(name:"RHSA", value:"2018:3836");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:3836)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ansible is now available for Ansible Engine 2.6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.6.11)
    
    Security fix(es) :
    
    * ansible: information disclosure in vvv+ mode with no_log on
    (CVE-2018-16876)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Bug Fix(es) :
    
    See https://github.com/ansible/ansible/blob/v2.6.11/changelogs/
    CHANGELOG-v2.6.rst for details on bug fixes in this release."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3836"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16876"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3836";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.6"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.6");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.6.11-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3837.NASL
    descriptionAn update for ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.7.5) Security fix(es) : * ansible: information disclosure in vvv+ mode with no_log on (CVE-2018-16876) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : See https://github.com/ansible/ansible/blob/v2.7.5/changelogs/ CHANGELOG-v2.7.rst for details on bug fixes in this release.
    last seen2020-03-28
    modified2018-12-20
    plugin id119799
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119799
    titleRHEL 7 : ansible (RHSA-2018:3837)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3837. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119799);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
    
      script_cve_id("CVE-2018-16876");
      script_xref(name:"RHSA", value:"2018:3837");
    
      script_name(english:"RHEL 7 : ansible (RHSA-2018:3837)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for ansible is now available for Ansible Engine 2.7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    Ansible is a simple model-driven configuration management, multi-node
    deployment, and remote-task execution system. Ansible works over SSH
    and does not require any software or daemons to be installed on remote
    nodes. Extension modules can be written in any language and are
    transferred to managed machines automatically.
    
    The following packages have been upgraded to a newer upstream version:
    ansible (2.7.5)
    
    Security fix(es) :
    
    * ansible: information disclosure in vvv+ mode with no_log on
    (CVE-2018-16876)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Bug Fix(es) :
    
    See https://github.com/ansible/ansible/blob/v2.7.5/changelogs/
    CHANGELOG-v2.7.rst for details on bug fixes in this release."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16876"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ansible package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3837";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.7"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.7");
    
      if (rpm_check(release:"RHEL7", reference:"ansible-2.7.5-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible");
      }
    }
    

Redhat

advisories
  • rhsa
    idRHSA-2018:3835
  • rhsa
    idRHSA-2018:3836
  • rhsa
    idRHSA-2018:3837
  • rhsa
    idRHSA-2018:3838
  • rhsa
    idRHSA-2019:0564
  • rhsa
    idRHSA-2019:0590
rpms
  • ansible-0:2.5.14-1.el7ae
  • ansible-doc-0:2.5.14-1.el7ae
  • ansible-0:2.6.11-1.el7ae
  • ansible-0:2.7.5-1.el7ae
  • ansible-0:2.7.5-1.el7ae
  • ansible-0:2.6.11-1.el7ae
  • openstack-ec2-api-0:6.0.1-0.20181123223255.1e25260.el7ost
  • openstack-manila-1:6.0.2-5.el7ost
  • openstack-manila-share-1:6.0.2-5.el7ost
  • openstack-selinux-0:0.8.17-2.el7ost
  • openstack-tempest-1:18.0.0-6.el7ost
  • openstack-tempest-all-1:18.0.0-6.el7ost
  • os-apply-config-0:8.3.1-0.20180831234255.be699ba.el7ost
  • python-docker-0:2.4.2-2.el7
  • python-ec2-api-tests-0:6.0.1-0.20181123223255.1e25260.el7ost
  • python-manila-1:6.0.2-5.el7ost
  • python-manila-tests-1:6.0.2-5.el7ost
  • python-novajoin-0:1.0.22-1.el7ost
  • python-openstackclient-lang-0:3.14.3-2.el7ost
  • python2-barbicanclient-0:4.6.0-2.el7ost
  • python2-ec2-api-0:6.0.1-0.20181123223255.1e25260.el7ost
  • python2-heat-tests-tempest-0:0.1.1-0.20180514163845.9d99219.el7ost
  • python2-openstackclient-0:3.14.3-2.el7ost
  • python2-openstacksdk-0:0.11.3-2.el7ost
  • python2-tempest-1:18.0.0-6.el7ost
  • python2-tempest-tests-1:18.0.0-6.el7ost
  • python2-vmware-nsxlib-0:12.0.4-3.el7ost
  • python2-vmware-nsxlib-tests-0:12.0.4-3.el7ost
  • rhosp-release-0:13.0.5-1.el7ost
  • ansible-0:2.6.11-1.el7ae