CVE-2016-3096

Priority
Description
The create_script function in the lxc_container module in Ansible before
1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary
files or gain privileges via a symlink attack on (1)
/opt/.lxc-attach-script, (2) the archived container in the archive_path
directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err
files in the temporary directory.
Notes
Package
Upstream:released (2.0.1.0-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.0.0.2-2ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.0.2.0-1)
Patches:
Upstream:https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3
More Information

Updated: 2020-09-10 05:09:30 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)