tags: ansible exploitoftheday

Ansible Vulnerabilities 2019

Ansible Vulnerabilities 2019

Firo Solutions ansible vulnerabilities

Affecting:

Ansible
Ansible Tower

Summary:

Christmas is closing by and we move in to the christmas feelings
we wanted to write something extra for christmas.
A tool we all love more then santa is Ansible !
Ansible is a opensource tool written in Python
used by system administrators to manage and deploy computer
servers and virtual machines.
Several vulnerabilities has now been reported that affects
ansible.

CVE-2019–14890

A vulnerability has been reported and found in Ansible Tower
which is a project by Red Hat.
A bug was found in Ansible Tower where the RHSM credentials
are saved in plain text in the database
that is available at ‘/api/v2/config’ after applying
the Ansible Tower license. Attackers with this information
could log into RHSM(Red Hat Subscription Management)
and modify licenses and make other changes.
The vulnerability has been given the CVE of CVE-2019–14890
The bug has been reported to redhat and patched in
the following link:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890

CVE-2019–14856

Summary from the github issue
Convert CLI provided passwords to text initially, to
prevent unsafe context being lost when converting
from bytes->text during
post processing of PlayContext.
This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
Update AnsibleUnsafeText and AnsibleUnsafeBytes
to maintain unsafe context by overriding .encode and .decode. This
prevents future issues with to_text, to_bytes, or to_native
removing the unsafe wrapper when converting between string types
(CVE-2019-14856)
Source: https://github.com/ansible/ansible/pull/63351
The patch for this vulnerability has been patched and the
code has changed
bugfixes:

- >
  **security issue** - Convert CLI provided passwords to text initially, to
  prevent unsafe context being lost when converting from bytes->text during
  post processing of PlayContext. This prevents CLI provided passwords from
  being incorrectly templated.
- >
  **security issue** - Update ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes``
  to maintain unsafe context by overriding ``.encode`` and ``.decode``. This
  prevents future issues with ``to_text``, ``to_bytes``, or ``to_native``
  removing the unsafe wrapper when converting between string types.

The vulnerability has been given the CVE of CVE-2019–14856
Pull request:
https://github.com/ansible/ansible/pull/63351/commits

CVE-2019–10217

A vulnerability was found in the gcp_storage_object.py function which cause the a failure when calling the service_account_contents function. The vulnerability has been given the CVE of CVE-2019–10217 The vulnerability was quickly reported to ansible throw a github issue the problem was quickly addressed and patched. https://github.com/ansible/ansible/issues/56269

Ansible Ansible Tower https://github.com/ansible/ansible/issues/56269 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14856
From us all to you all, we from firo wishes you a merry christmas
with a happy anouncement that we have pas over 300 000 unique views
on this blog! We are happy to provide you with this blog
and happily wishes you a merry christmas and a happy new year

If you are using an rss reader you can subscribe to the blog here:
https://blog.firosolutions.com/exploits/index.xml
https://blog.firosolutions.com/posts/index.xml