FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ansible -- Command execution on Ansible controller from host

Affected packages
1.9.6_1 < ansible < 2.2.0.0_2

Details

VuXML ID a93c3287-d8fd-11e6-be5c-001fbc0f280f
Discovery 2017-01-09
Entry 2017-01-12

Computest reports:

Computest found and exploited several issues that allow a compromised host to execute commands on the Ansible controller and thus gain access to other hosts controlled by that controller.

References

CVE Name CVE-2016-9587
URL https://lwn.net/Articles/711357/
URL https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt