Arch Linux Security Advisory ASA-202011-7
========================================
Severity: Critical
Date    : 2020-11-10
CVE-ID  : CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Package : salt
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1262

Summary
======
The package salt before version 2019.2.7-1 is vulnerable to multiple
issues including arbitrary command execution and access restriction
bypass.

Resolution
=========
Upgrade to 2019.2.7-1.

# pacman -Syu "salt>=2019.2.7-1"

The problems have been fixed upstream in version 2019.2.7.

Workaround
=========
None.

Description
==========
- CVE-2020-16846 (arbitrary command execution)

An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where
an unauthenticated user with network access to the Salt API can use
shell injections to run code on the Salt API using the SSH client.

- CVE-2020-17490 (access restriction bypass)

An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where,
when using the functions create_ca, create_csr, and
create_self_signed_cert in the tls execution module, it will not ensure
the key was created with the correct permissions.

- CVE-2020-25592 (arbitrary command execution)

An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where,
when using the SSH client, an unauthenticated user can gain access to
run commands against targets set in a Salt-SSH roster.

Impact
=====
A remote, unauthenticated user with network access to the Salt API can
execute arbitrary commands.

References
=========
https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/02/2019.2.x.patch
https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/25/2019.2.6.patch
https://security.archlinux.org/CVE-2020-16846
https://security.archlinux.org/CVE-2020-17490
https://security.archlinux.org/CVE-2020-25592

ArchLinux: 202011-7: salt: multiple issues

November 10, 2020

Summary

- CVE-2020-16846 (arbitrary command execution) An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt API using the SSH client.
- CVE-2020-17490 (access restriction bypass)
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the functions create_ca, create_csr, and create_self_signed_cert in the tls execution module, it will not ensure the key was created with the correct permissions.
- CVE-2020-25592 (arbitrary command execution)
An issue has been found in Salt before 3001.3, 3000.5, 2019.2.7 where, when using the SSH client, an unauthenticated user can gain access to run commands against targets set in a Salt-SSH roster.

Resolution

Upgrade to 2019.2.7-1. # pacman -Syu "salt>=2019.2.7-1"
The problems have been fixed upstream in version 2019.2.7.

References

https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/02/2019.2.x.patch https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/25/2019.2.6.patch https://security.archlinux.org/CVE-2020-16846 https://security.archlinux.org/CVE-2020-17490 https://security.archlinux.org/CVE-2020-25592

Severity
Package : salt
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1262

Workaround

None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved