{"id":"CVE-2016-3096","details":"The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.","aliases":["GHSA-rh6x-qvg7-rrmj","PYSEC-2016-1"],"modified":"2026-04-09T04:38:16.067442Z","published":"2016-06-03T14:59:04.263Z","related":["MGASA-2016-0163","openSUSE-SU-2024:10326-1","openSUSE-SU-2024:14244-1","openSUSE-SU-2024:14536-1","openSUSE-SU-2025:15605-1","openSUSE-SU-2025:15753-1"],"references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0"},{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html"},{"type":"ADVISORY","url":"https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201607-14"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1322925"},{"type":"FIX","url":"https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away"},{"type":"FIX","url":"https://github.com/ansible/ansible-modules-extras/pull/1941"},{"type":"FIX","url":"https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ansible/ansible","events":[{"introduced":"0"},{"last_affected":"7644312b20ba0a18eb12fe31d0fbddf656c2ce5e"},{"introduced":"0"},{"last_affected":"bb6cadefa2d68ed2a668fba14dc027947e043ae5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.6"},{"introduced":"0"},{"last_affected":"2.0.1"}]}}],"versions":["0.0.1","0.01","0.3","0.7","v1.0","v1.1","v1.2","v1.4.0","v1.6.0","v1.9.0-0.1.rc1","v1.9.0-0.2.rc2","v1.9.0-1","v1.9.0-2","v1.9.0.1-1","v1.9.1-0.1.rc1","v1.9.1-0.2.rc2","v1.9.1-0.3.rc3","v1.9.1-0.4.rc4","v1.9.1-1","v1.9.2-0.1.rc1","v1.9.2-0.2.rc2","v1.9.2-1","v1.9.3-0.1.rc1","v1.9.3-0.2.rc2","v1.9.3-0.3.rc3","v1.9.3-1","v1.9.4-0.1.rc1","v1.9.4-0.2.rc2","v1.9.4-0.3.rc3","v1.9.4-1","v1.9.5-0.1.rc1","v1.9.5-1","v1.9.6-0.1.rc1","v1.9.6-1","v2.0.0-0.1.alpha1","v2.0.0-0.2.alpha2","v2.0.0-0.3.beta1","v2.0.0-0.4.beta2","v2.0.0-0.5.beta3","v2.0.0-0.6.rc1","v2.0.0-0.7.rc2","v2.0.0-0.8.rc3","v2.0.0-0.9.rc4","v2.0.1.0-0.2.rc2","v2.0.1.0-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3096.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"22"}]},{"events":[{"introduced":"0"},{"last_affected":"23"}]},{"events":[{"introduced":"0"},{"last_affected":"24"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}