 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2019-14904 |
| Description: | A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.892535 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-14904 Debian Security Information: DSA-4950 (Google Search) https://www.debian.org/security/2021/dsa-4950 https://bugzilla.redhat.com/show_bug.cgi?id=1776944 https://bugzilla.redhat.com/show_bug.cgi?id=1776944 https://github.com/ansible/ansible/pull/65686 https://github.com/ansible/ansible/pull/65686 https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html |