Multiple vulnerabilities in SaltStack Salt
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2013-6617 CVE-2013-4439 CVE-2013-4435 CVE-2013-4436 CVE-2013-4437 |
| CWE-ID | CWE-264 CWE-287 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Salt Web applications / Remote management & hosting panels |
| Vendor | SaltStack |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU42394
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-6617
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsSalt: 0.11.0 - 0.17.0
External linkshttp://docs.saltstack.com/topics/releases/0.17.1.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU42395
Risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4439
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to read and manipulate data.
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
MitigationInstall update from vendor's website.
Vulnerable software versionsSalt: 0.15.0 - 0.17.0
External linkshttp://docs.saltstack.com/topics/releases/0.17.1.html
http://www.openwall.com/lists/oss-security/2013/10/18/3
http://github.com/saltstack/salt/pull/7356
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Authentication
EUVDB-ID: #VU42396
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4435
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to read and manipulate data.
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
MitigationInstall update from vendor's website.
Vulnerable software versionsSalt: 0.15.0 - 0.17.0
External linkshttp://docs.saltstack.com/topics/releases/0.17.1.html
http://www.openwall.com/lists/oss-security/2013/10/18/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU42397
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4436
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSalt: 0.17.0
External linkshttp://docs.saltstack.com/topics/releases/0.17.1.html
http://www.openwall.com/lists/oss-security/2013/10/18/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU42398
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4437
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
MitigationInstall update from vendor's website.
Vulnerable software versionsSalt: 0.17.0
External linkshttp://docs.saltstack.com/topics/releases/0.17.1.html
http://www.openwall.com/lists/oss-security/2013/10/18/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
