Bug 1099805 (CVE-2018-10874) - VUL-0: CVE-2018-10874: ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution
Status: RESOLVED FIXED
Alias: CVE-2018-10874
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/209180/
Whiteboard: CVSSv3.1:SUSE:CVE-2018-10874:7.8:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-02 08:51 UTC by Johannes Segitz
Modified: 2024-05-06 12:31 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Johannes Segitz 2018-07-02 08:51:30 UTC
rh#1596528

It was found that inventory variables are loaded from the current working directory when running an ad-hoc command, which are under an attacker's control, allowing arbitrary code to be run as a result.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1596528
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10874
Comment 5 Matej Cepl 2018-10-12 21:41:42 UTC
The upstream ticket for this CVE is https://github.com/ansible/ansible/pull/42067
Comment 6 Swamp Workflow Management 2018-12-14 20:11:34 UTC
SUSE-SU-2018:4130-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1097775,1099805,1099808
CVE References: CVE-2018-10855,CVE-2018-10874,CVE-2018-10875
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    ansible-2.4.6.0-3.3.1
SUSE OpenStack Cloud 8 (src):    ansible-2.4.6.0-3.3.1
HPE Helion Openstack 8 (src):    ansible-2.4.6.0-3.3.1
Comment 8 Alexandros Toptsoglou 2020-04-29 11:33:48 UTC
Done
Comment 14 Maintenance Automation 2024-04-24 12:30:05 UTC
SUSE-SU-2024:1427-1: An update that solves eight vulnerabilities, contains one feature and has 11 security fixes can now be installed.

Category: security (moderate)
Bug References: 1008037, 1008038, 1010940, 1019021, 1038785, 1059235, 1099805, 1166389, 1171823, 1174145, 1174302, 1175993, 1177948, 1216854, 1219002, 1219887, 1219912, 1220371, 1221092
CVE References: CVE-2016-8647, CVE-2016-9587, CVE-2017-7550, CVE-2018-10874, CVE-2020-14365, CVE-2023-5764, CVE-2023-6152, CVE-2024-0690
Jira References: MSQA-759
Maintenance Incident: [SUSE:Maintenance:33400](https://smelt.suse.de/incident/33400/)
Sources used:
SUSE Manager Client Tools Beta for SLE 15 (src):
 ansible-2.9.27-159000.3.12.2, spacecmd-5.0.5-159000.6.48.2, grafana-9.5.16-159000.4.30.2, supportutils-plugin-susemanager-client-5.0.3-159000.6.21.2, uyuni-tools-0.1.7-159000.3.8.1, POS_Image-Graphical7-0.1.1710765237.46af599-159000.3.24.2, dracut-saltboot-0.1.1710765237.46af599-159000.3.33.2, spacewalk-client-tools-5.0.4-159000.6.54.2, POS_Image-JeOS7-0.1.1710765237.46af599-159000.3.24.2
SUSE Manager Client Tools Beta for SLE Micro 5 (src):
 golang-github-prometheus-node_exporter-1.5.0-159000.6.2.1, uyuni-tools-0.1.7-159000.3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2024-05-06 12:31:06 UTC
SUSE-SU-2024:1509-1: An update that solves 15 vulnerabilities, contains one feature and has four security fixes can now be installed.

Category: security (important)
Bug References: 1008037, 1008038, 1010940, 1019021, 1038785, 1059235, 1099805, 1166389, 1171823, 1174145, 1174302, 1175993, 1177948, 1216854, 1219002, 1219912, 1221092, 1221465, 1222155
CVE References: CVE-2016-8614, CVE-2016-8628, CVE-2016-8647, CVE-2016-9587, CVE-2017-7550, CVE-2018-10874, CVE-2020-10744, CVE-2020-14330, CVE-2020-14332, CVE-2020-14365, CVE-2020-1753, CVE-2023-5764, CVE-2023-6152, CVE-2024-0690, CVE-2024-1313
Jira References: MSQA-760
Maintenance Incident: [SUSE:Maintenance:33434](https://smelt.suse.de/incident/33434/)
Sources used:
openSUSE Leap 15.5 (src):
 spacecmd-4.3.27-150000.3.116.2, POS_Image-JeOS7-0.1.1710765237.46af599-150000.1.21.2, ansible-2.9.27-150000.1.17.2, POS_Image-Graphical7-0.1.1710765237.46af599-150000.1.21.2, dracut-saltboot-0.1.1710765237.46af599-150000.1.53.2, golang-github-prometheus-promu-0.14.0-150000.3.18.2
SUSE Manager Client Tools for SLE 15 (src):
 POS_Image-JeOS7-0.1.1710765237.46af599-150000.1.21.2, ansible-2.9.27-150000.1.17.2, spacewalk-client-tools-4.3.19-150000.3.89.2, uyuni-common-libs-4.3.10-150000.1.39.2, uyuni-proxy-systemd-services-4.3.12-150000.1.21.2, mgr-daemon-4.3.9-150000.1.47.2, spacewalk-koan-4.3.6-150000.3.33.2, spacecmd-4.3.27-150000.3.116.2, POS_Image-Graphical7-0.1.1710765237.46af599-150000.1.21.2, dracut-saltboot-0.1.1710765237.46af599-150000.1.53.2, grafana-9.5.18-150000.1.63.2
SUSE Manager Client Tools for SLE Micro 5 (src):
 uyuni-proxy-systemd-services-4.3.12-150000.1.21.2, dracut-saltboot-0.1.1710765237.46af599-150000.1.53.2
SUSE Package Hub 15 15-SP5 (src):
 golang-github-prometheus-promu-0.14.0-150000.3.18.2
SUSE Manager Proxy 4.3 Module 4.3 (src):
 ansible-2.9.27-150000.1.17.2, uyuni-proxy-systemd-services-4.3.12-150000.1.21.2
