Multiple vulnerabilities in SaltStack
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2016-9639 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 CVE-2017-5200 |
| CWE-ID | CWE-284 CWE-22 CWE-20 CWE-77 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Salt Web applications / Remote management & hosting panels |
| Vendor | SaltStack |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU12733
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9639
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists due to improper access control. A remote attacker can read or write to minions with the same id, related to caching.
Update to version 2015.8.11.
Vulnerable software versionsSalt: 2015.8.0 - 2015.8.10
External linkshttp://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU12734
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12791
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in minion id validation due to path traversal. A remote attacker with incorrect credentials can authenticate to a master via a crafted minion ID.
Update to version 2016.11.7 or 2017.7.1 .
Vulnerable software versionsSalt: 2016.11.0 - 2017.7.0
External linkshttp://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
http://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU12735
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14695
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in minion id validation due to path traversal. A remote attacker with incorrect credentials can authenticate to a master via a crafted minion ID.
Update to versions 2016.3.8, 2016.11.8 or 2017.7.2.
Vulnerable software versionsSalt: 2016.3.0 - 2017.7.1
External linkshttp://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
http://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
http://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU12736
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14696
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper input validation. A remote attacker can submit a specially crafted authentication request and cause the service to crash.
Update to versions 2016.3.8, 2016.11.8 or 2017.7.2.
Vulnerable software versionsSalt: 2016.3.0 - 2017.7.1
External linkshttp://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
http://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
http://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Command injection
EUVDB-ID: #VU12737
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5200
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The weakness exists in a salt-master due to command injection via Salt's ssh_client. A remote attacker can inject and execute arbitrary commands.
Update to versions 2015.8.13, 2016.3.5 or 2016.11.2.
Vulnerable software versionsSalt: 2015.8.0 - 2016.11.1
External linkshttp://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
http://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
http://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
