SB2020101420 - Multiple vulnerabilities in Ansible Automation Platform 1.0 packages
Published: October 14, 2020 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 33 secuirty vulnerabilities.
1) Double Free (CVE-ID: CVE-2019-18874)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because of refcount mishandling within a "while" or "for" loop that converts system data into a Python object. A remote attacker can trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Input validation error (CVE-ID: CVE-2017-12652)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in libpng when checking the chuck length against the user limit. A remote attacker can supply a specially crafted PNG image and crash the affected application.
3) XML External Entity injection (CVE-ID: CVE-2018-20843)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input including XML names that contain a large number of colons. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
4) Out-of-bounds write (CVE-ID: CVE-2019-5094)
The vulnerability allows a local user to escalate privileges on the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the quota file functionality. A local user can send a specially crafted xt4 partition, trigger out-of-bounds write on the heap and execute arbitrary code on the target system.
Note: An attacker can corrupt a partition to trigger this vulnerability.
5) Out-of-bounds write (CVE-ID: CVE-2019-5188)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the directory rehashing functionality in "rehash.c" within the "mutate_name()" function. A local user can use a specially crafted ext4 directory, trigger out-of-bounds write on the stack and execute arbitrary code on the target system.
6) Heap-based buffer overflow (CVE-ID: CVE-2019-5482)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tftp_receive_packet() function when processing TFTP data. A remote attacker can send specially crafted TFTP response to the vulnerable curl client, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Out-of-bounds read (CVE-ID: CVE-2019-11719)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
8) Improper Certificate Validation (CVE-ID: CVE-2019-11727)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists doe to an error within the Mozilla NSS library, when working with TLS certificates. A remote attacker can force Network Security Services (NSS) to sign CertificateVerify with
PKCS#1 v1.5 signatures when those are the only ones advertised by server
in CertificateRequest in TLS 1.3. A remote attacker can perform a Man-in-the-Middle attack and gain access to sensitive information.
9) Use-after-free (CVE-ID: CVE-2019-11756)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing SFTKSession object. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and crash the application or execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-12450)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the application applies default directory permissions to files while copying them in file_copy_fallback() function in gio/gfile.c. A local user can interfere with the copying operation and gain access to otherwise restricted files, as the application applies correct access permissions after the file was copied only.
Such application behavior allows a local user to access potentially sensitive data or modify file contents in case directory permissions that were applied to the file allow such operations.
11) Improper Authentication (CVE-ID: CVE-2019-12749)
The vulnerability allows a an attacker to bypass authentication process.
The vulnerability exists due to an error when handling symlinks within the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. A malicious client with access to to its own home directory can manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write into unintended locations.
Successful exploitation of the vulnerability may allow an attacker to bypass DBUS_COOKIE_SHA1 authentication mechanis.
12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-14822)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to iBus does not check user privileges when allowing connection to the AF_UNIX socket. A local user can connect to an existing AF_UNIX socket and perform arbitrary actions, such read and send messages on behalf of another user connected on a graphical environment.
13) Input validation error (CVE-ID: CVE-2019-14866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to GNU cpio does not properly validate files when writing tar headers during tar archive creation. A local user can trick the victim into creating a tar archive out of a directory with specially crafted files. As a result the generated archive may contain files that the attacker does not have access to.
14) Integer overflow (CVE-ID: CVE-2019-14973)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attacks.
The vulnerability exists due to integer overflow in the "_TIFFCheckMalloc" and "_TIFFCheckRealloc" functions in the "tif_aux.c" file. A remote attacker can trick a victim to open a specially crafted file that contains crafted TIFF images, trigger integer overflow and crash the target application.
15) Out-of-bounds read (CVE-ID: CVE-2019-15903)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML documents within the expat library. A remote attacker can create a specially crafted XML file, pass it to the affected application, trigger out-of-bounds read error and read contents of memory on the system or crash the affected application.
16) Cross-site scripting (CVE-ID: CVE-2019-16935)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing the server_title field in the XML-RPC server (Lib/DocXMLRPCServer.py) in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
17) Heap-based buffer overflow (CVE-ID: CVE-2019-17006)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Mozilla NSS library when processing input text length while using certain cryptographic primitives. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Algorithm Downgrade (CVE-ID: CVE-2019-17023)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to insecure negotiation After a HelloRetryRequest in Mozilla NSS that can lead to selection of a less secure protocol (e.g. TLS 1.2 or below) after the HelloRetryRequest TLS 1.3 is sent.
19) Integer overflow (CVE-ID: CVE-2019-17498)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or access sensitive information.
The vulnerability exists due to integer overflow in the "SSH_MSG_DISCONNECT" logic in "packet.c" in a bounds check. A remote attacker can specify an arbitrary (out-of-bounds) offset for a subsequent memory read, trigger out-of-bounds read, disclose sensitive information or cause a denial of service condition on the target system when a user connects to the malicious SSH server.
20) Integer overflow (CVE-ID: CVE-2019-17546)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing RGBA images. A remote attacker can create a specially crafted RGBA image, pass it to the affected application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Information disclosure (CVE-ID: CVE-2019-19126)
The vulnerability allows a local authenticated user to gain access to sensitive information.
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
22) Memory leak (CVE-ID: CVE-2019-19956)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. A remote attacker can trigger a memory leak related to newDoc->oldNs and perform denial of service attack.
23) Memory leak (CVE-ID: CVE-2019-20386)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in button_open() function in login/logind-button.c in systemd. A remote attacker can execute the udevadm trigger command and perform denial of service attack.
24) Memory leak (CVE-ID: CVE-2019-20388)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in xmlSchemaPreRun in xmlschemas.c. A remote attacker can trigger a xmlSchemaValidateStream memory leak and perform denial of service attack.
25) Buffer overflow (CVE-ID: CVE-2020-5313)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the "libImaging/FliDecode.c" file due to a boundary error when processing FLI image. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Cryptographic issues (CVE-ID: CVE-2020-6829)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to usage of wNAF point multiplication algorithm when performing EC scalar point multiplication, which leaked partial information about the nonce used during signature generation. A remote attacker can perform an electro-magnetic side-channel attack and recover the private key.
27) Infinite loop (CVE-ID: CVE-2020-7595)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in xmlStringLenDecodeEntities in parser.c. A remote attacker can consume all available system resources and cause denial of service conditions in a certain end-of-file situation.
28) Resource management error (CVE-ID: CVE-2020-12243)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error when performing searches with nested boolean expressions in filter.c within the slapd daemon in OpenLDAP. A remote attacker can send a specially crafted LDAP request to the affected server and crash the LDAP service.
29) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-12400)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in Mozilla NSS library in the way P-384 and P-521 curves are used in the generation of EDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key.
30) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-12401)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to usage of ECDSA signatures. A local user can perform a side channel attack and gain access to sensitive information.
31) Cryptographic issues (CVE-ID: CVE-2020-12402)
The vulnerability allows a remote attacker to recover the secret primes.
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.
32) Out-of-bounds read (CVE-ID: CVE-2020-12403)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing data encrypted with CHACHA20-POLY1305 ciphersuite. A remote attacker can trick the victim to connect to a malicious server and gain access to sensitive information.
33) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-14365)
The vulnerability allows a local authenticated user to #BASIC_IMPACT#.
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
Remediation
Install update from vendor's website.