PT-2018-5101 · Red Hat+2 · Ansible+2

Kurt Seifried

Publicado

2017-03-30

Atualizado

2026-06-03

CVE-2016-9587

CVSS v2.0

9.3

Crítica

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.1.4 Ansible versions prior to 2.2.1

Description The issue is related to improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Recommendations For versions prior to 2.1.4, update to version 2.1.4 or later. For versions prior to 2.2.1, update to version 2.2.1 or later. As a temporary workaround, consider restricting the ability of client systems to send facts back to the Ansible server until a patch is applied.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-1386

CVE-2016-9587

GHSA-M956-FRF4-M2WR

OPENSUSE-SU-2017:2976-1

OPENSUSE-SU-2017:2978-1

OPENSUSE-SU-2024:10615-1

OPENSUSE-SU-2024:14244-1

OPENSUSE-SU-2024:14536-1

OPENSUSE-SU-2025:15605-1

OPENSUSE-SU-2025:15753-1

OPENSUSE-SU-2026:10944-1

PYSEC-2018-39

RHSA-2017:0195

RHSA-2017:0260

RHSA-2017:0448

RHSA-2017:0515

RHSA-2017:1685

SUSE-SU-2017:3029-1

SUSE-SU-2020:3309-1

SUSE-SU-2024:1427-1

SUSE-SU-2024:1509-1

Produtos afetados

Alt Linux

Ansible

Ansible-Core

PT-2018-5101 · Red Hat+2 · Ansible+2

CVE-2016-9587

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 178