Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2016-3096

Published: 03/06/2016 Updated: 13/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Fedora

Vulnerability Summary

The create_script function in the lxc_container module in Ansible prior to 1.9.6-1 and 2.x prior to 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 22

fedoraproject fedora 24

fedoraproject fedora 23

redhat ansible

redhat ansible 2.0

redhat ansible 2.0.1

Vendor Advisories

Debian CVElist Bug Report Logs: ansible: CVE-2016-3096: Code execution vulnerability in ansible lxc_container
Debian Bug report logs - #819676 ansible: CVE-2016-3096: Code execution vulnerability in ansible lxc_container Package: src:ansible; Maintainer for src:ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Mar 2016 18:24:01 UTC Severity: grave Ta ...
Red Hat: CVE-2016-3096
The create_script function in the lxc_container module in Ansible before 196-1 and 2x before 2020 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-scriptlog or (4) lxc-attach-scripterr files i ...

References

CWE-59http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1322925https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-awayhttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.htmlhttps://github.com/ansible/ansible-modules-extras/pull/1941http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.htmlhttps://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbdhttps://security.gentoo.org/glsa/201607-14https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYighttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819676https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook