SB2017100217 - Multiple vulnerabilities in SaltStack
Published: October 2, 2017
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Improper access control (CVE-ID: CVE-2016-9639)
The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system. The weakness exists due to improper access control in the master's caching of minion data: a remote attacker (for example, a minion whose key has been deleted) that reuses the id of another minion can read or write the data cached for that minion on the master.
2) Path traversal (CVE-ID: CVE-2017-12791)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists in minion id validation on the salt-master due to path traversal. A remote minion with incorrect credentials can authenticate to the master via a crafted minion ID containing path traversal sequences.
3) Path traversal (CVE-ID: CVE-2017-14695)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists in minion id validation on the salt-master due to path traversal, and results from an incomplete fix for CVE-2017-12791. A remote minion with incorrect credentials can still authenticate to a patched master via a crafted minion ID.
4) Improper input validation (CVE-ID: CVE-2017-14696)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to improper input validation in the master's authentication handling. A remote attacker can submit a specially crafted authentication request and cause the service to crash.
5) Command injection (CVE-ID: CVE-2017-5200)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system. The weakness exists in salt-api due to command injection via Salt's ssh_client. A remote attacker with access to the salt-api interface can inject and execute arbitrary commands on the salt-master.
Remediation
Install the update from the vendor's website. Per the release notes referenced below, the fixed releases are: 2015.8.13, 2016.3.5 and 2016.11.2 for CVE-2017-5200; 2016.11.7 and 2017.7.1 for CVE-2017-12791; and 2016.3.8, 2016.11.8 and 2017.7.2 for CVE-2017-14695 and CVE-2017-14696 (these also supersede the incomplete CVE-2017-12791 fix). For CVE-2016-9639, additionally confirm that the master's rotate_aes_key setting (documented in the first reference below) has not been disabled, so that the shared AES key is rotated whenever a minion key is deleted.
References
- https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key
- https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
- https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
- https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
- https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
- https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
- https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html