Security News > 2020 > May > Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments.
Built as a utility to monitor and update the state of servers, Salt employs a master-slave architecture that automates the process of pushing out configuration and software updates from a central repository using a "Master" node that deploys the changes to a target group of "Minions" en masse.
"The vulnerabilities described in this advisory allow an attacker who can connect to the 'request server' port to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the 'master' server filesystem and steal the secret key used to authenticate to the master as root," the researchers said.
Detecting Vulnerable Salt Masters F-Secure researchers said an initial scan revealed more than 6,000 vulnerable Salt instances exposed to the public internet.
"Adding network security controls that restrict access to the salt master to known minions, or at least block the wider Internet, would also be prudent as the authentication and authorization controls provided by Salt are not currently robust enough to be exposed to hostile networks," the researchers said.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/N4rKn8-FX4I/saltstack-rce-vulnerability.html
Related news
- Week in review: Windows Event Log zero-day, exploited critical Jenkins RCE flaw (source)
- Microsoft: New critical Outlook RCE bug exploited as zero-day (source)
- New critical Microsoft Outlook RCE bug is trivial to exploit (source)
- SolarWinds fixes critical RCE bugs in access rights audit solution (source)
- Hackers exploit critical RCE flaw in Bricks WordPress site builder (source)
- ConnectWise urges ScreenConnect admins to patch critical RCE flaw (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)