Detections
Analytics

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Ansible vulnerabilities (USN-5315-1)

high Nessus Plugin ID 183136

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5315-1 advisory.

 - An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. (CVE-2020-10744)

 - A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with umask 77 && mkdir -p <dir>; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. (CVE-2020-1733)

 - A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. (CVE-2021-3583)

 - A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. (CVE-2021-3620)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected ansible, ansible-fireball and / or ansible-node-fireball packages.

See Also

https://ubuntu.com/security/notices/USN-5315-1

Plugin Details

Severity: High

ID: 183136

File Name: ubuntu_USN-5315-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 10/16/2023

Updated: 10/16/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Low

Base Score: 3.7

Temporal Score: 2.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-1733

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-3583

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:esm, cpe:/o:canonical:ubuntu_linux:18.04:-:esm, cpe:/o:canonical:ubuntu_linux:20.04:-:esm, cpe:/o:canonical:ubuntu_linux:22.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:ansible, p-cpe:/a:canonical:ubuntu_linux:ansible-fireball, p-cpe:/a:canonical:ubuntu_linux:ansible-node-fireball

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/7/2022

Vulnerability Publication Date: 12/19/2019

Reference Information

CVE: CVE-2020-10744, CVE-2020-1733, CVE-2021-3583, CVE-2021-3620

IAVB: 2019-B-0092-S, 2022-B-0007

USN: 5315-1