CVE-2016-3096

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

Published : 2016-06-03 14:59 Updated : 2018-10-30 16:28

7.2
CVSS Score More info
Score 7.2 / 10
7.2
Vendor Product Version URI
Fedoraproject Fedora 22 cpe:/o:fedoraproject:fedora:22
Fedoraproject Fedora 23 cpe:/o:fedoraproject:fedora:23
Fedoraproject Fedora 24 cpe:/o:fedoraproject:fedora:24
Redhat Ansible 1.9.6 cpe:/a:redhat:ansible:1.9.6
Redhat Ansible 2.0 cpe:/a:redhat:ansible:2.0
Redhat Ansible 2.0.1 cpe:/a:redhat:ansible:2.0.1
  1. Redhat (1) Search CVE
    1. Ansible (3) Search CVE
      1. 1.9.6
      2. 2.0
      3. 2.0.1
  2. Fedoraproject (1) Search CVE
    1. Fedora (3) Search CVE
      1. 22
      2. 23
      3. 24

CWE

ID Name Description Links
CWE-59 Improper Link Resolution Before File Access ('Link Following') The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. CVE

History of changes

Date Event
2018-09-19 13:32
2018-08-13 21:47
2016-06-03 14:59

New CVE