CVE-2013-4259 - Vulnerability Details - OpenCVE

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Ansible

Configuration 1 [-]

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.ansible.com/security
https://bugzilla.redhat.com/show_bug.cgi?id=998223
https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-09-16T19:00:00

Updated: 2024-08-06T16:38:01.688Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4259

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-09-16T19:14:39.020

Modified: 2024-11-21T01:55:13.863

Link: CVE-2013-4259

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AB08BC9-0C4C-4A13-AF0C-62BBC479ED79", "versionEndIncluding": "1.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/."}, {"lang": "es", "value": "runner/connection_plugins/ssh.py en Ansible anteriores a v1.2.3 al usar ControlPersist, permite a usuarios locales redirigir una sesi\u00f3n ssh a trav\u00e9s de un ataque de enlaces simb\u00f3licos sobre un archivo de socket con un nombre predecible en /tmp/."}], "id": "CVE-2013-4259", "lastModified": "2024-11-21T01:55:13.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-16T19:14:39.020", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.ansible.com/security"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998223"}, {"source": "secalert@redhat.com", "url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ansible.com/security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}