FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ansible -- local symlink exploits

Affected packages
ansible < 1.2.3

Details

VuXML ID a6a9f9d5-205c-11e5-a4a5-002590263bf5
Discovery 2013-08-21
Entry 2015-07-02

MITRE reports:

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect an ssh session via a symlink attack on a socket file with a predictable name in /tmp/.

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when a playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.
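The retry-file issue belongs to a general class: a plain open() on a predictable path in a shared directory follows whatever link is already there. The sketch below is an added example, not Ansible's code or its fix. It puts that pattern beside a hardened writer for POSIX systems; the function names, the `site.retry` file name and all paths are hypothetical, and the scenario runs in a throwaway temporary directory.

```python
import os
import stat
import tempfile

def write_retry_unsafe(path, hosts):
    # Weak pattern: open() follows a symlink already sitting at a predictable path.
    with open(path, "w") as fh:
        fh.write("\n".join(hosts) + "\n")

def write_retry_safe(directory, name, hosts):
    """Write the retry list only inside a private, owner-only directory."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    st = os.lstat(directory)  # lstat: a symlinked directory is rejected too
    if (not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid()
            or st.st_mode & 0o077):
        raise PermissionError(f"unsafe retry directory: {directory}")
    # mkstemp creates a fresh 0600 file with O_EXCL under an unpredictable name.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".retry-")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(hosts) + "\n")
    path = os.path.join(directory, name)
    # rename(2) replaces a link found at the destination instead of following it.
    os.replace(tmp, path)
    return path

def demo():
    """Constructed scenario; every path below is a sample value."""
    base = tempfile.mkdtemp()
    victim = os.path.join(base, "victim.conf")
    retry_dir = os.path.join(base, "retry")
    os.mkdir(retry_dir, 0o700)
    link = os.path.join(retry_dir, "site.retry")
    writers = {
        "unsafe": lambda: write_retry_unsafe(link, ["web01"]),
        "safe": lambda: write_retry_safe(retry_dir, "site.retry", ["web01"]),
    }
    results = {}
    for label, writer in writers.items():
        with open(victim, "w") as fh:
            fh.write("original\n")
        if os.path.lexists(link):
            os.unlink(link)
        os.symlink(victim, link)  # stand-in for a link that was there first
        writer()
        with open(victim) as fh:
            results[label] = fh.read()
    return results

if __name__ == "__main__":
    print(demo())
```

The directory check matters as much as the file creation: the safe writer refuses any directory that other users can write to, since that is where a link could be placed ahead of time.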

References

CVE Name CVE-2013-4259
CVE Name CVE-2013-4260
URL http://www.ansible.com/security
URL https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg