SB2018070662 - Fedora 27 update for ansible

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018070662

SB2018070662 - Fedora 27 update for ansible

Published: July 6, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018070662
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2018-10874)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to the system reads the 'ansible.cfg' file from the current working directory when running an ad-hoc command. A local attacker can modify the file to reference arbitrary plugin or module paths and execute arbitrary code from those paths with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Privilege escalation (CVE-ID: CVE-2018-10875)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to the system loads inventory variables from the current working directory when running an ad-hoc command. A local attacker can modify the variables and execute arbitrary code from those paths with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References