FreeBSD : ansible -- Input validation flaw in jinja2 templating system (15a04b9f-47cb-11e7-a853-001fbc0f280f)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

RedHat security team reports :

An input validation flaw was found in Ansible, where it fails to
properly mark lookup-plugin results as unsafe. If an attacker could
control the results of lookup() calls, they could inject Unicode
strings to be parsed by the jinja2 templating system, result in code
execution.

See also :

https://access.redhat.com/security/cve/cve-2017-7481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481
http://www.nessus.org/u?566164cc

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100610 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now