PT-2018-5034 · Red Hat+4 · Ansible+4

Ypid

Publicado

2017-03-30

Atualizado

2025-03-28

CVE-2016-8614

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.2.0

Description A flaw was found in the apt key module, which does not properly verify key fingerprints. This allows a remote adversary to create an OpenPGP key that matches the short key ID and inject this key instead of the correct key.

Recommendations For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the apt key module until a patch is available. Restrict access to the apt key module to minimize the risk of exploitation.

Exploit

Correção

Improperly Implemented Security Check for Standard

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-320CWE-358

Identificadores relacionados

ALT-PU-2017-1386

CVE-2016-8614

GHSA-CMWX-9M2H-X7V4

MGASA-2017-0164

OPENSUSE-SU-2017:2976-1

OPENSUSE-SU-2017:2978-1

PYSEC-2018-37

SUSE-SU-2020:3309-1

SUSE-SU-2024:1509-1

USN-7330-1

USN-7330-2

Produtos afetados

Alt Linux

Ansible

Ansible-Core

Linuxmint

Ubuntu

PT-2018-5034 · Red Hat+4 · Ansible+4

CVE-2016-8614

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 170