 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.12.2025.7330.1 |
| Categoría: | Ubuntu Local Security Checks |
| Título: | Ubuntu: Security Advisory (USN-7330-1) |
| Resumen: | The remote host is missing an update for the 'ansible' package(s) announced via the USN-7330-1 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'ansible' package(s) announced via the USN-7330-1 advisory. Vulnerability Insight: It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possibly use this issue to spoof SSL servers if they were able to intercept network communications. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908) Martin Carpenter discovered that certain connection plugins for Ansible did not properly restrict users. An attacker with local access could possibly use this issue to escape a restricted environment via symbolic links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240) Robin Schneider discovered that Ansible's apt_key module did not properly verify key fingerprints. A remote attacker could possibly use this issue to perform key injection, leading to the access of sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8614) It was discovered that Ansible would expose passwords in certain instances. An attacker could possibly use specially crafted input related to this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-10206) It was discovered that Ansible incorrectly logged sensitive information. An attacker with local access could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-14846) It was discovered that Ansible's solaris_zone module accepted input without performing input checking. A remote attacker could possibly use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-14904) It was discovered that Ansible did not generate sufficiently random values, which could lead to the exposure of passwords. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10729) It was discovered that Ansible's svn module could disclose passwords to users within the same node. An attacker could possibly use this issue to access sensitive information. (CVE-2020-1739) Affected Software/OS: 'ansible' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-3908 https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html http://www.openwall.com/lists/oss-security/2015/07/14/4 SuSE Security Announcement: openSUSE-SU-2015:1280 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html SuSE Security Announcement: openSUSE-SU-2015:1452 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html Common Vulnerability Exposure (CVE) ID: CVE-2015-6240 http://www.openwall.com/lists/oss-security/2015/08/17/10 Common Vulnerability Exposure (CVE) ID: CVE-2016-8614 BugTraq ID: 94108 http://www.securityfocus.com/bid/94108 Common Vulnerability Exposure (CVE) ID: CVE-2019-10206 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206 Debian Security Information: DSA-4950 (Google Search) https://www.debian.org/security/2021/dsa-4950 https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html SuSE Security Announcement: openSUSE-SU-2020:0513 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html SuSE Security Announcement: openSUSE-SU-2020:0523 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14846 https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html RedHat Security Advisories: RHSA-2019:3201 https://access.redhat.com/errata/RHSA-2019:3201 RedHat Security Advisories: RHSA-2019:3202 https://access.redhat.com/errata/RHSA-2019:3202 RedHat Security Advisories: RHSA-2019:3203 https://access.redhat.com/errata/RHSA-2019:3203 RedHat Security Advisories: RHSA-2019:3207 https://access.redhat.com/errata/RHSA-2019:3207 RedHat Security Advisories: RHSA-2020:0756 https://access.redhat.com/errata/RHSA-2020:0756 Common Vulnerability Exposure (CVE) ID: CVE-2019-14904 https://bugzilla.redhat.com/show_bug.cgi?id=1776944 https://github.com/ansible/ansible/pull/65686 Common Vulnerability Exposure (CVE) ID: CVE-2020-10729 https://bugzilla.redhat.com/show_bug.cgi?id=1831089 https://github.com/ansible/ansible/issues/34144 Common Vulnerability Exposure (CVE) ID: CVE-2020-1739 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/ https://github.com/ansible/ansible/issues/67797 |
| Copyright | Copyright (C) 2025 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |