CVE-2016-3096
Last modified
CVE-2016-3096 is a vulnerability of currently unknown severity. The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 22 |
| Fedoraproject | Fedora | 23 |
| Fedoraproject | Fedora | 24 |
| Redhat | Ansible | <= 1.9.6 |
| Redhat | Ansible | 2.0 |
| Redhat | Ansible | 2.0.1 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.htmlThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1322925Issue Tracking
- https://security.gentoo.org/glsa/201607-14Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.htmlThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1322925Issue Tracking
- https://security.gentoo.org/glsa/201607-14Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-3096?
How severe is CVE-2016-3096?
How do I fix CVE-2016-3096?
Are you affected by CVE-2016-3096?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST