Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0439)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0439

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0439)

Resumen: The remote host is missing an update for the 'ansible' package(s) announced via the MGASA-2018-0439 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ansible' package(s) announced via the MGASA-2018-0439 advisory.

Vulnerability Insight:
It was found that inventory variables are loaded from current working
directory when running ad-hoc command which are under attacker's
control, allowing to run arbitrary code as a result (CVE-2018-10874).

It was found that ansible.cfg is being read from the current working
directory, which can be made to point to plugin or module paths that are
under control of the attacker. This could allow an attacker to execute
arbitrary code (CVE-2018-10875).

Affected Software/OS:
'ansible' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-10874
1041396
http://www.securitytracker.com/id/1041396
RHBA-2018:3788
https://access.redhat.com/errata/RHBA-2018:3788
RHSA-2018:2150
https://access.redhat.com/errata/RHSA-2018:2150
RHSA-2018:2151
https://access.redhat.com/errata/RHSA-2018:2151
RHSA-2018:2152
https://access.redhat.com/errata/RHSA-2018:2152
RHSA-2018:2166
https://access.redhat.com/errata/RHSA-2018:2166
RHSA-2018:2321
https://access.redhat.com/errata/RHSA-2018:2321
RHSA-2018:2585
https://access.redhat.com/errata/RHSA-2018:2585
RHSA-2019:0054
https://access.redhat.com/errata/RHSA-2019:0054
USN-4072-1
https://usn.ubuntu.com/4072-1/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874
Common Vulnerability Exposure (CVE) ID: CVE-2018-10875
Debian Security Information: DSA-4396 (Google Search)
https://www.debian.org/security/2019/dsa-4396
https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html
RedHat Security Advisories: RHBA-2018:3788
RedHat Security Advisories: RHSA-2018:2150
RedHat Security Advisories: RHSA-2018:2151
RedHat Security Advisories: RHSA-2018:2152
RedHat Security Advisories: RHSA-2018:2166
RedHat Security Advisories: RHSA-2018:2321
RedHat Security Advisories: RHSA-2018:2585
RedHat Security Advisories: RHSA-2019:0054
SuSE Security Announcement: openSUSE-SU-2019:1125 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0439
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0439)
Resumen:	The remote host is missing an update for the 'ansible' package(s) announced via the MGASA-2018-0439 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ansible' package(s) announced via the MGASA-2018-0439 advisory. Vulnerability Insight: It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result (CVE-2018-10874). It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code (CVE-2018-10875). Affected Software/OS: 'ansible' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10874 1041396 http://www.securitytracker.com/id/1041396 RHBA-2018:3788 https://access.redhat.com/errata/RHBA-2018:3788 RHSA-2018:2150 https://access.redhat.com/errata/RHSA-2018:2150 RHSA-2018:2151 https://access.redhat.com/errata/RHSA-2018:2151 RHSA-2018:2152 https://access.redhat.com/errata/RHSA-2018:2152 RHSA-2018:2166 https://access.redhat.com/errata/RHSA-2018:2166 RHSA-2018:2321 https://access.redhat.com/errata/RHSA-2018:2321 RHSA-2018:2585 https://access.redhat.com/errata/RHSA-2018:2585 RHSA-2019:0054 https://access.redhat.com/errata/RHSA-2019:0054 USN-4072-1 https://usn.ubuntu.com/4072-1/ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874 Common Vulnerability Exposure (CVE) ID: CVE-2018-10875 Debian Security Information: DSA-4396 (Google Search) https://www.debian.org/security/2019/dsa-4396 https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html RedHat Security Advisories: RHBA-2018:3788 RedHat Security Advisories: RHSA-2018:2150 RedHat Security Advisories: RHSA-2018:2151 RedHat Security Advisories: RHSA-2018:2152 RedHat Security Advisories: RHSA-2018:2166 RedHat Security Advisories: RHSA-2018:2321 RedHat Security Advisories: RHSA-2018:2585 RedHat Security Advisories: RHSA-2019:0054 SuSE Security Announcement: openSUSE-SU-2019:1125 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
Copyright	Copyright (C) 2022 Greenbone AG