Arch Linux update for salt

Published: 2020-05-05 | Updated: 2024-03-22

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2020-11651 CVE-2020-11652
CWE-ID	CWE-287 CWE-22
Exploitation vector	Network
Public exploit	Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild.
Vulnerable software Subscribe	Arch Linux Operating systems & Components / Operating system
Vendor	Arch Linux

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU27494

Risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-11651

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the salt-master process "ClearFuncs" class does not properly validate method calls. A remote non-authenticated attacker can bypass authentication process and gain access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minion as root.

Note: this vulnerability is being actively exploited in the wild.

Mitigation

Update the affected package salt to version 2019.2.4-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-202005-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Path traversal

EUVDB-ID: #VU27495

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-11652

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')