CVE-2016-3096

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-3096
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3096.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-3096
Aliases
Related
Published
2016-06-03T14:59:04Z
Modified
2024-11-02T04:47:16.289382Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The createscript function in the lxccontainer module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

References

Affected packages

Debian:11 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.1.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.1.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.1.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

0.*

0.0.1
0.0.2
0.01
0.3
0.7

v1.*

v1.0
v1.1
v1.2
v1.4.0
v1.5.0
v1.5.1
v1.6.0
v1.9.0-0.1.rc1
v1.9.0-0.2.rc2
v1.9.0-1
v1.9.0-2
v1.9.0.1-1
v1.9.1-0.1.rc1
v1.9.1-0.2.rc2
v1.9.1-0.3.rc3
v1.9.1-0.4.rc4
v1.9.1-1
v1.9.2-0.1.rc1
v1.9.2-0.2.rc2
v1.9.2-1
v1.9.3-0.1.rc1
v1.9.3-0.2.rc2
v1.9.3-0.3.rc3
v1.9.3-1
v1.9.4-0.1.rc1
v1.9.4-0.2.rc2
v1.9.4-0.3.rc3
v1.9.4-1
v1.9.5-0.1.rc1
v1.9.5-1
v1.9.6-0.1.rc1
v1.9.6-1

Other

v1_last

v2.*

v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.0.0-0.6.rc1
v2.0.0-0.7.rc2
v2.0.0-0.8.rc3
v2.0.0-0.9.rc4
v2.0.1.0-0.2.rc2
v2.0.1.0-1