Published: 24/04/2018 Updated: 07/11/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Ansible prior to 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat ansible
ansible ansible
redhat openstack 11

Debian Bug report logs - #850846 ansible: CVE-2016-9587: host to controller command execution vulnerability Package: src:ansible; Maintainer for src:ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 10 Jan 2017 18:00:02 UTC Severity: grave Tags: ...

Synopsis Important: ansible and openshift-ansible security and bug fix update Type/Severity Security Advisory: Important Topic An update for ansible and openshift-ansible is now available for Red Hat OpenShift Container Platform 32, Red Hat OpenShift Container Platform 33, and Red Hat OpenShift Container ...

Synopsis Important: ansible security update Type/Severity Security Advisory: Important Topic An update for ansible is now available for Red Hat Gluster Storage 32 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...

Synopsis Important: ansible security update Type/Severity Security Advisory: Important Topic An update for ansible is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...

Synopsis Important: ansible and ceph-ansible security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for ansible and ceph-ansible is now available for Red Hat Storage Console 2Red Hat Product Security has rated this update as having a security impact of Importan ...

Synopsis Important: ansible security update Type/Severity Security Advisory: Important Topic An update for ansible is now available for Red Hat OpenStack Platform 110 (Ocata)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS ...

Synopsis Important: ansible security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for ansible is now available for RHEV Engine version 41Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sy ...

Synopsis Important: ansible security update Type/Severity Security Advisory: Important Topic An update for ansible is now available for Red Hat Storage Console 2 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...

Synopsis Important: ansible and gdeploy security and bug fix update Type/Severity Security Advisory: Important Topic An update for ansible and gdeploy is now available for Red Hat Gluster Storage 31 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...

Synopsis Important: ansible and openshift-ansible security and bug fix update Type/Severity Security Advisory: Important Topic An update for ansible and openshift-ansible is now available for Red Hat OpenShift Container Platform 32, Red Hat OpenShift Container Platform 33, Red Hat OpenShift Container Plat ...

An input validation vulnerability was found in ansible's handling of data sent from client systems An attacker with control over a client system being managed by ansible and the ability to send facts back to the ansible server could use this flaw to execute arbitrary commands on the ansible server as the user and group ansible is running as ...

########### Computest security advisory CT-2017-0109 ############# Summary: Command execution on Ansible controller from host Affected software: Ansible CVE: CVE-2016-9587 Reference URL: wwwcomputestnl/advisories/ CT-2017-0109_Ansibletxt Affected versions: < 214, < 221 ...

During a summary code review of Ansible, Computest found and exploited several issues that allow a compromised host to execute commands on the Ansible controller and thus gain access to the other hosts controlled by that controller Versions 214 and 221 are affected ...

Ansible system configuration

CompFuzor CF is a repository of systems configuration scripts for onlining new nodes with a variety of services As opposed to normal Ansible where one is writing tasks, Compfuzor tries to codify many practices and tasks such that the author declares what they want (as variables) General routines handle all Compfuzor playbooks, enacting the variables for the playbook that have

Ansible patches 'own the farm' vulnerability

The Register • Richard Chirgwin • 11 Jan 2017

Just the Facts, sysadmins

Ansible sysadmins, make with the patch-fingers because the project's just gone public with a high-severity bug. CVE-2016-9587 is a peach: “a compromised remote system being managed via Ansible can lead to commands being run on the Ansible controller (as the user running the ansible or ansible-playbook command)”, Ansible lead at Red Hat James Cammarata writes. Dutch outfit Computest found the bug. It writes that if an attacker can get access to one compromised machine, they can use that as a ...

CVE-2016-9587

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect