oss-sec mailing list archives

CVE request: ansible zone/chroot/jail escape

From: Martin Carpenter <mcarpenter () free fr>
Date: Tue, 14 Jul 2015 12:53:58 +0200

Hi,

I recently found a symlink attack that enables a malicious
zone/chroot/jail managed by ansible to escape into the managing host.
This was fixed in ansible 1.9.2 (commit list below, see
https://github.com/ansible/ansible).

I am not an ansible committer but Toshio requested I follow up. I
understand that a request was made by Toshio to CVE-assign on 1st July
but no response was received. The commits are already public and it has
been announced on ansible's security page:
http://www.ansible.com/security.

Could a CVE please be assigned to this issue?


Thanks,

Martin.


commit 548a7288a90c49e9b50ccf197da307eae525b899
Author: Toshio Kuratomi <toshio () fedoraproject org>
Date:   Wed Jun 24 01:00:22 2015 -0700

    Use BUFSIZE when putting file as well as fetching file.

commit 270be6a6f5852c5563976f060c80eff64decc89c
Author: Toshio Kuratomi <toshio () fedoraproject org>
Date:   Tue Jun 23 22:27:45 2015 -0700

    Fix exec_command to not use a shell

commit 952166f48eb0f5797b75b160fd156bbe1e8fc647
Author: Toshio Kuratomi <toshio () fedoraproject org>
Date:   Mon Jun 22 20:07:29 2015 -0700

    Fix problem with chroot connection plugins and symlinks from within
the chroot.

commit 0777d025051bf5cf3092aa79a9e6b67cec7064dd
Author: Toshio Kuratomi <toshio () fedoraproject org>
Date:   Fri Jun 19 11:09:48 2015 -0700

    Fix problem with jail and zone connection plugins and symlinks from
within the jail/zone.

commit ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b
Author: Toshio Kuratomi <toshio () fedoraproject org>
Date:   Fri Jun 19 09:41:48 2015 -0700

    Fix problem with jail and zone connection plugins and symlinks from
within the jail/zone.

Current thread:

CVE request: ansible zone/chroot/jail escape Martin Carpenter (Jul 14)
- Re: CVE request: ansible zone/chroot/jail escape cve-assign (Aug 17)