PT-2013-4921 · Red Hat · Ansible
Michael Scherer · Published 2013-09-16 · Updated 2023-02-13 · CVE-2013-4259
CVSS v4.0: 2.1 (Low)
| Vector | AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Ansible versions prior to 1.2.3
Description
The issue allows local users to redirect an SSH session via a symlink attack on a socket file with a predictable name in /tmp/. This occurs when using ControlPersist in the runner/connection_plugins/ssh.py module.
Recommendations
For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of ControlPersist until a patch is available. Restrict access to the /tmp/ directory to minimize the risk of exploitation. Avoid using predictable names for socket files in the /tmp/ directory until the issue is resolved.
Fix
Use of Insufficiently Random Values
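The recommendation to keep control sockets out of a shared /tmp/ can be checked mechanically. The following is an added example, not Ansible's code or its actual fix: it audits a candidate socket directory with lstat and builds a ControlPath template inside a per-user 0700 directory. The function names and the `.ssh-cp-example` directory are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def control_dir_problems(path, uid=None):
    """List reasons `path` is unsafe as a directory for SSH control sockets."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: inspect the name itself, never a symlink target
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append("symlink")
    elif not stat.S_ISDIR(st.st_mode):
        problems.append("not-a-directory")
    if st.st_uid != uid:
        problems.append("foreign-owner")
    if st.st_mode & 0o077:
        problems.append("group-or-world-access")
    return problems

def private_control_path(base=None):
    """Return a ControlPath template inside a per-user 0700 directory."""
    if base is None:
        # Hypothetical directory name, chosen for this example only.
        base = os.path.join(os.path.expanduser("~"), ".ssh-cp-example")
    try:
        # mkdir fails with EEXIST on any existing name, including a planted
        # symlink, so it never creates the directory somewhere else.
        os.mkdir(base, 0o700)
    except FileExistsError:
        pass
    problems = control_dir_problems(base)
    if problems:
        raise RuntimeError(f"refusing {base}: {', '.join(problems)}")
    # %h, %p, %r are ssh_config tokens (host, port, remote user). A predictable
    # name is acceptable here because no other local user can write to base.
    return os.path.join(base, "%h-%p-%r")

if __name__ == "__main__":
    scratch = tempfile.mkdtemp()  # constructed sandbox, stands in for $HOME
    print("shared /tmp:", control_dir_problems("/tmp"))
    print("ControlPath:", private_control_path(os.path.join(scratch, "cp")))
```

Unix socket paths have a short length limit, so keep the base directory name brief when host names are long.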
Related Identifiers
Affected Products
Ansible
Ansible-Core