Multiple vulnerabilities in SaltStack



Risk Low
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2016-9639
CVE-2017-12791
CVE-2017-14695
CVE-2017-14696
CVE-2017-5200
CWE-ID CWE-284
CWE-22
CWE-20
CWE-77
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Salt
Web applications / Remote management & hosting panels

Vendor SaltStack

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU12733

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-9639

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists due to improper access control. A remote attacker can read or write to minions with the same id, related to caching.

Mitigation

Update to version 2015.8.11.

Vulnerable software versions

Salt: 2015.8.0 - 2015.8.10

CPE2.3 External links

https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU12734

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12791

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists in minion id validation due to path traversal. A remote attacker with incorrect credentials can authenticate to a master via a crafted minion ID.

Mitigation

Update to version 2016.11.7 or 2017.7.1 .

Vulnerable software versions

Salt: 2016.11.0 - 2017.7.0

CPE2.3 External links

https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Path traversal

EUVDB-ID: #VU12735

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14695

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists in minion id validation due to path traversal. A remote attacker with incorrect credentials can authenticate to a master via a crafted minion ID.

Mitigation

Update to versions 2016.3.8, 2016.11.8 or 2017.7.2.

Vulnerable software versions

Salt: 2016.3.0 - 2017.7.1

CPE2.3 External links

https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU12736

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-14696

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can submit a specially crafted authentication request and cause the service to crash.

Mitigation

Update to versions 2016.3.8, 2016.11.8 or 2017.7.2.

Vulnerable software versions

Salt: 2016.3.0 - 2017.7.1

CPE2.3 External links

https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Command injection

EUVDB-ID: #VU12737

Risk: Low

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-5200

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists in a salt-master due to command injection via Salt's ssh_client. A remote attacker can inject and execute arbitrary commands.

Mitigation

Update to versions 2015.8.13, 2016.3.5 or 2016.11.2.

Vulnerable software versions

Salt: 2015.8.0 - 2016.11.1

CPE2.3 External links

https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###