Bug 1099808 - (CVE-2018-10875) VUL-0: CVE-2018-10875: ansible: ansible.cfg is being read from current working directory allowing possible code execution
(CVE-2018-10875)
VUL-0: CVE-2018-10875: ansible: ansible.cfg is being read from current workin...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/209181/
CVSSv3.1:SUSE:CVE-2018-10875:7.8:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-02 08:55 UTC by Johannes Segitz
Modified: 2022-07-25 11:02 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-07-02 08:55:27 UTC
rh#1596533

It was found that ansible.cfg is being read from current working directory, which cam be made to point to plugin or module paths that are under control of the attacker, allowing to execute arbitrary code.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1596533
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10875
Comment 6 Swamp Workflow Management 2018-12-17 09:25:26 UTC
SUSE-SU-2018:4130-1: An update that fixes three vulnerabilities is now available.

Category: secur
ity (moderate)
Bug References: 1097775,1099805,1099808
CVE References: CVE-2018-10855,CVE-2018-10874,CVE-2018-10875
Sources used:
SUSE Ope
nStack Cloud Crowbar 8 (src):    ansible-2.4.6.0-3.3.1
SUSE OpenStack Cloud 8 (src):    ansible-2.4.6.0-3.3.1
HPE Helion Openstack 8 (src): 
   ansible-2.4.6.0-3.3.1
Comment 7 Swamp Workflow Management 2018-12-17 09:25:36 UTC
SUSE-SU-2018:4130-1: An update that fixes three vulnerabilities is now available.

Category: secur
ity (moderate)
Bug References: 1097775,1099805,1099808
CVE References: CVE-2018-10855,CVE-2018-10874,CVE-2018-10875
Sources used:
SUSE Ope
nStack Cloud Crowbar 8 (src):    ansible-2.4.6.0-3.3.1
SUSE OpenStack Cloud 8 (src):    ansible-2.4.6.0-3.3.1
HPE Helion Openstack 8 (src): 
   ansible-2.4.6.0-3.3.1
Comment 8 Swamp Workflow Management 2019-01-10 07:33:58 UTC
SUSE-SU-2018:4130-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1097775,1099805,1099808
CVE References: CVE-2018-10855,CVE-2018-10874,CVE-2018-10875
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    ansible-2.4.6.0-3.3.1
SUSE OpenStack Cloud 8 (src):    ansible-2.4.6.0-3.3.1
HPE Helion Openstack 8 (src):    ansible-2.4.6.0-3.3.1
Comment 9 Swamp Workflow Management 2019-04-03 07:10:16 UTC
openSUSE-SU-2019:1125-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1099808,1102126,1109957,1112959,1116587,1118896,1126503
CVE References: CVE-2018-10875,CVE-2018-16837,CVE-2018-16859,CVE-2018-16876,CVE-2019-3828
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    ansible-2.7.8-9.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 14 Marcus Meissner 2020-10-02 08:50:52 UTC
released
Comment 17 Swamp Workflow Management 2022-03-16 20:17:09 UTC
openSUSE-SU-2022:0081-1: An update that solves 26 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1099808,1112959,1118896,1126503,1137528,1157968,1157969,1164133,1164134,1164135,1164136,1164137,1164138,1164139,1164140,1165393,1166389,1167440,1167532,1167873,1171162,1174145,1174302,1180816,1180942,1181119,1181935
CVE References: CVE-2018-10875,CVE-2018-16837,CVE-2019-10156,CVE-2019-14846,CVE-2019-14904,CVE-2019-14905,CVE-2020-10684,CVE-2020-10685,CVE-2020-10691,CVE-2020-10729,CVE-2020-14330,CVE-2020-14332,CVE-2020-1733,CVE-2020-1734,CVE-2020-1735,CVE-2020-1736,CVE-2020-1737,CVE-2020-1738,CVE-2020-1739,CVE-2020-1740,CVE-2020-1746,CVE-2020-1753,CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    ansible-2.9.21-bp153.2.3.1