what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2018-16837

Status Candidate

Overview

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

Related Files

Ubuntu Security Notice USN-4072-1
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4072-1 - It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-7481, CVE-2018-10855, CVE-2018-10874, CVE-2018-10875, CVE-2018-16837, CVE-2018-16876, CVE-2019-10156, CVE-2019-3828
MD5 | 7a9cfe8749c9081a9cb43d26360a411c
Debian Security Advisory 4396-1
Posted Feb 20, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-10855, CVE-2018-10875, CVE-2018-16837, CVE-2018-16876, CVE-2019-3828
MD5 | e731970af38b8a949348da84d1ee14ec
Red Hat Security Advisory 2018-3505-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-9262, CVE-2016-9396, CVE-2017-1000050, CVE-2017-18267, CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739, CVE-2018-1000805, CVE-2018-1060, CVE-2018-1061, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-10844, CVE-2018-10845, CVE-2018-10846, CVE-2018-12384, CVE-2018-12910, CVE-2018-13988, CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-16837, CVE-2018-17456
MD5 | b7af30db27ef5f7b266ad41827d5a000
Red Hat Security Advisory 2018-3463-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3463-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
MD5 | 3b32d784757531f94cee253144a6bb11
Red Hat Security Advisory 2018-3461-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3461-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability. m

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
MD5 | 22baaf41373533f294edce75a9651914
Red Hat Security Advisory 2018-3462-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3462-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
MD5 | cff9950ad386d883ba3b64759ae0c76a
Red Hat Security Advisory 2018-3460-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3460-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information exposure vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2018-16837
MD5 | 011fc1c9a0d75125a8a9759362f1af9a
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close