Ansible: Privilege escalation

A vulnerability in Ansible may allow local attackers to gain escalated privileges or write arbitrary files.

Package: ansible
Announced: 2016-07-20
Revised: 2016-07-20
Bug: 578814
Access: local
Package versions: 2.0.2.0-r1 1.9.6 2.0.2.0-r1

Ansible is a radically simple IT automation platform.

The create_script function in the lxc_container module of Ansible uses predictable temporary file names, making it vulnerable to a symlink attack.

Local attackers could write arbitrary files or gain escalated privileges within the container.
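
The following added example is not Ansible's code and is not part of the original advisory. It contrasts the weak pattern described above (a predictable temporary file name opened with a plain write) with two hardened forms, inside a private sandbox directory. The file name lxc-script.sh, the function names and the sandbox layout are assumptions made for illustration.

```python
import os
import pathlib
import tempfile

NAME = "lxc-script.sh"  # hypothetical predictable file name, not taken from Ansible

def write_predictable(tmpdir, data):
    # Weak: fixed name; open(..., "w") follows a symlink already present at that path.
    with open(os.path.join(tmpdir, NAME), "w") as fh:
        fh.write(data)

def write_exclusive(tmpdir, data):
    # Fixed name, but O_EXCL refuses any pre-existing entry, symlinks included.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(os.path.join(tmpdir, NAME), flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_mkstemp(tmpdir, data):
    # Preferred: mkstemp() picks a random name and creates it with O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix="script-", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    # Constructed scenario, confined to a private sandbox directory.
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "shared_tmp")   # stands in for a shared temp dir
        victim = pathlib.Path(sandbox, "victim.conf")  # file the writer must not touch
        os.mkdir(shared)
        victim.write_text("original\n")
        os.symlink(victim, os.path.join(shared, NAME))  # link present before the write
        write_predictable(shared, "echo hi\n")
        result = {"predictable_intact": victim.read_text() == "original\n"}
        victim.write_text("original\n")
        try:
            write_exclusive(shared, "echo hi\n")
            result["exclusive_refused"] = False
        except OSError:
            result["exclusive_refused"] = True
        result["exclusive_intact"] = victim.read_text() == "original\n"
        path = write_mkstemp(shared, "echo hi\n")
        result["mkstemp_intact"] = victim.read_text() == "original\n"
        result["mkstemp_mode"] = os.stat(path).st_mode & 0o777
        return result

if __name__ == "__main__":
    print(demo())
```

The predictable-name write overwrites the file behind the link, while the exclusive-create and mkstemp() variants leave it untouched.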

There is no known workaround at this time.

All Ansible 1.9.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/ansible-1.9.6"

All Ansible 2.0.2.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/ansible-2.0.2.0-r1"

CVE-2016-3096

b-man ackle