Vulnerabilities > CVE-2017-14696 - Improper Input Validation vulnerability in Saltstack Salt
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-3381-1.NASL description This update for salt fixes one security issue and bugs. The following security issues have been fixed : - CVE-2017-14695: A directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. (bsc#1062462) - CVE-2017-14696: It was possible to force a remote Denial of Service with a specially crafted authentication request. (bsc#1062464) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 105480 published 2017-12-28 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105480 title SUSE SLES11 Security Update : Salt (SUSE-SU-2017:3381-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:3381-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(105480); script_version("3.6"); script_cvs_date("Date: 2019/09/11 11:22:17"); script_cve_id("CVE-2017-14695", "CVE-2017-14696"); script_name(english:"SUSE SLES11 Security Update : Salt (SUSE-SU-2017:3381-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for salt fixes one security issue and bugs. The following security issues have been fixed : - CVE-2017-14695: A directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. (bsc#1062462) - CVE-2017-14696: It was possible to force a remote Denial of Service with a specially crafted authentication request. (bsc#1062464) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1041993" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1042749" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1050003" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1059291" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1059758" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1060230" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1062462" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1062464" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=985112" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14695/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14696/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20173381-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?af85837f" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:zypper in -t patch slesctsp4-salt-13382=1 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:zypper in -t patch slesctsp3-salt-13382=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt-minion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", reference:"salt-2016.11.4-43.10.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"salt-doc-2016.11.4-43.10.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"salt-minion-2016.11.4-43.10.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"salt-2016.11.4-43.10.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"salt-doc-2016.11.4-43.10.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"salt-minion-2016.11.4-43.10.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Salt"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0106_SALT.NASL description An update of the salt package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121806 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121806 title Photon OS 1.0: Salt PHSA-2018-1.0-0106 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0106. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121806); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/03/08"); script_cve_id( "CVE-2017-5192", "CVE-2017-5200", "CVE-2017-8109", "CVE-2017-12791", "CVE-2017-14695", "CVE-2017-14696" ); script_name(english:"Photon OS 1.0: Salt PHSA-2018-1.0-0106"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the salt package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-106.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5200"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:salt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-api-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-cloud-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-master-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-minion-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-proxy-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-spm-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-ssh-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-syndic-2017.7.2-1.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "salt"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_50127E447B884ADE8E125D57320823F1.NASL description SaltStack reports : Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost ([email protected]). NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. Remote Denial of Service with a specially crafted authentication request. Credit for discovering the security flaw goes to: Julian Brost ([email protected]) last seen 2020-06-01 modified 2020-06-02 plugin id 104759 published 2017-11-27 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104759 title FreeBSD : salt -- multiple vulnerabilities (50127e44-7b88-4ade-8e12-5d57320823f1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(104759); script_version("3.3"); script_cvs_date("Date: 2018/11/10 11:49:46"); script_cve_id("CVE-2017-14695", "CVE-2017-14696"); script_name(english:"FreeBSD : salt -- multiple vulnerabilities (50127e44-7b88-4ade-8e12-5d57320823f1)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "SaltStack reports : Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost ([email protected]). NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. Remote Denial of Service with a specially crafted authentication request. Credit for discovering the security flaw goes to: Julian Brost ([email protected])" ); script_set_attribute( attribute:"see_also", value:"https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html" ); script_set_attribute( attribute:"see_also", value:"https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.8.html" ); # https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e282fff1" ); # https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?eb9d9f53" ); # https://vuxml.freebsd.org/freebsd/50127e44-7b88-4ade-8e12-5d57320823f1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6d13c7fd" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py27-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py32-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py33-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py34-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py35-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py36-salt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"py27-salt<2016.11.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"py27-salt>=2017.7.0<2017.7.2")) flag++; if (pkg_test(save_report:TRUE, pkg:"py32-salt<2016.11.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"py32-salt>=2017.7.0<2017.7.2")) flag++; if (pkg_test(save_report:TRUE, pkg:"py33-salt<2016.11.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"py33-salt>=2017.7.0<2017.7.2")) flag++; if (pkg_test(save_report:TRUE, pkg:"py34-salt<2016.11.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"py34-salt>=2017.7.0<2017.7.2")) flag++; if (pkg_test(save_report:TRUE, pkg:"py35-salt<2016.11.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"py35-salt>=2017.7.0<2017.7.2")) flag++; if (pkg_test(save_report:TRUE, pkg:"py36-salt<2016.11.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"py36-salt>=2017.7.0<2017.7.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-388.NASL description This update for salt fixes the following issues : - [Regression] Permission problem: salt-ssh minion boostrap doesn last seen 2020-06-05 modified 2018-04-24 plugin id 109293 published 2018-04-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109293 title openSUSE Security Update : salt (openSUSE-2018-388) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-388. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(109293); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-9639", "CVE-2017-12791", "CVE-2017-14695", "CVE-2017-14696", "CVE-2017-5200"); script_xref(name:"IAVB", value:"2017-B-0112-S"); script_name(english:"openSUSE Security Update : salt (openSUSE-2018-388)"); script_summary(english:"Check for the openSUSE-2018-388 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for salt fixes the following issues : - [Regression] Permission problem: salt-ssh minion boostrap doesn't work anymore. (bsc#1027722) - wrong use of os_family string for Suse in the locale module and others (bsc#1038855) - Cannot bootstrap a host using 'Manage system completely via SSH (will not install an agent)' (bsc#1002529) - add user to or replace members of group not working with SLES11 SPx (bsc#978150) - SLES-12-GA client fail to start salt minion (SUSE MANAGER 3.0) (bsc#991048) - salt pkg.latest raises exception if package is not availible (bsc#1012999) - pkg.list_products on 'registerrelease' and 'productline' returns boolean.False if empty (bsc#989193) - SLES-12-SP1 salt-minion clients has no Base Channel added by default (bsc#986019) - 'The system requires a reboot' does not disappear from web-UI despite the reboot (bsc#1017078) - Remove option -f from startproc (bsc#975733) - [PYTHON2] package salt-minion requires /usr/bin/python (bsc#1081592) - Upgrading packages on RHEL6/7 client fails (bsc#1068566) - /var/log/salt has insecure permissions (bsc#1071322) - [Minion-bootstrapping] Invalid char cause server (salt-master ERROR) (bsc#1011304) - CVE-2016-9639: Possible information leak due to revoked keys still being used (bsc#1012398) - Bootstrapping SLES12 minion invalid (bsc#1053376) - Minions not correctly onboarded if Proxy has multiple FQDNs (bsc#1063419) - salt --summary '*' <function> reporting '# of minions that did not return' wrongly (bsc#972311) - RH-L3 SALT - Stacktrace if nscd package is not present when using nscd state (bsc#1027044) - Inspector broken: no module 'query' or 'inspector' while querying or inspecting (bsc#989798) - [ Regression ]Centos7 Minion remote command execution from gui or cli , minion not responding (bsc#1027240) - SALT, minion_id generation doesn't match the newhostname (bsc#967803) - Salt API server shuts down when SSH call with no matches is issued (bsc#1004723) - /var/log/salt/minion fails logrotate (bsc#1030009) - Salt proxy test.ping crashes (bsc#975303) - salt master flood log with useless messages (bsc#985661) - After bootstrap salt client has deprecation warnings (bsc#1041993) - Head: salt 2017.7.2 starts salt-master as user root (bsc#1064520) - CVE-2017-12791: Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master (bsc#1053955) - salt-2017.7.2 - broken %post script for salt-master (bsc#1079048) - Tearing down deployment with SaltStack Kubernetes module always shows error (bsc#1059291) - lvm.vg_present does not recognize PV with certain LVM filter settings. (bsc#988506) - High state fails: No service execution module loaded: check support for service (bsc#1065792) - When multiple versions of a package are installed on a minion, patch status may vary (bsc#972490) - Salt cp.push does not work on SUMA 3.2 Builds because of python3.4 (bsc#1075950) - timezone modue does not update /etc/sysconfig/clock (bsc#1008933) - Add patches to salt to support SUSE Manager scalability features (bsc#1052264) - salt-minion failed to start on minimal RHEL6 because of DBus exception during load of snapper module (bsc#993039) - Permission denied: '/var/run/salt-master.pid' (bsc#1050003) - Jobs scheduled to run at a future time stay pending for Salt minions (bsc#1036125) - Backport kubernetes-modules to salt (bsc#1051948) - After highstate: The minion function caused an exception (bsc#1068446) - VUL-0: CVE-2017-14695: salt: directory traversal vulnerability in minion id validation (bsc#1062462) - unable to update salt-minion on RHEL (bsc#1022841) - Nodes run out of memory due to salt-minion process (bsc#983512) - [Proxy] 'Broken pipe' during bootstrap of salt minion (bsc#1039370) - incorrect return code from /etc/rc.d/salt-minion (bsc#999852) - CVE-2017-5200: Salt-ssh via api let's run arbitrary commands as user salt (bsc#1011800) - beacons.conf on salt-minion not processed (bsc#1060230) - SLES11 SP3 salt-minion Client Cannot Select Base Channel (bsc#975093) - salt-ssh sys.doc gives authentication failure without arguments (bsc#1019386) - minion bootstrapping: error when bootstrap SLE11 clients (bsc#990439) - Certificate Deployment Fails for SLES11 SP3 Clients (bsc#975757) - state.module run() does not translate varargs (bsc#1025896)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1002529" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1004723" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008933" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1011304" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1011800" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012398" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012999" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1017078" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019386" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022841" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1025896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027044" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027240" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030009" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036125" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038855" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1039370" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1041993" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050003" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051948" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052264" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053376" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053955" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1059291" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060230" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1062462" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063419" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065792" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068446" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071322" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081592" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967803" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972311" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972490" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975093" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975303" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975733" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975757" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=978150" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=983512" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=985661" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986019" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=988506" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989193" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989798" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=990439" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=991048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993039" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999852" ); # https://features.opensuse.org/320559 script_set_attribute( attribute:"see_also", value:"https://features.opensuse.org/" ); script_set_attribute(attribute:"solution", value:"Update the affected salt packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python2-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-cloud"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-fish-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-master"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-minion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-ssh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-syndic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-zsh-completion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"python2-salt-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python3-salt-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-api-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-bash-completion-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-cloud-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-fish-completion-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-master-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-minion-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-proxy-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-ssh-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-syndic-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-zsh-completion-2018.3.0-17.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python2-salt / python3-salt / salt / salt-api / etc"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0106.NASL description An update of 'salt' packages of Photon OS has been released. last seen 2019-02-08 modified 2019-02-07 plugin id 111917 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111917 title Photon OS 1.0: Salt PHSA-2018-1.0-0106 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0106. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111917); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id( "CVE-2017-5192", "CVE-2017-5200", "CVE-2017-8109", "CVE-2017-12791", "CVE-2017-14695", "CVE-2017-14696" ); script_name(english:"Photon OS 1.0: Salt PHSA-2018-1.0-0106 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of 'salt' packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-1.0-106 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fcabba66"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5200"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:salt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "salt-2017.7.2-1.ph1", "salt-api-2017.7.2-1.ph1", "salt-cloud-2017.7.2-1.ph1", "salt-master-2017.7.2-1.ph1", "salt-minion-2017.7.2-1.ph1", "salt-proxy-2017.7.2-1.ph1", "salt-spm-2017.7.2-1.ph1", "salt-ssh-2017.7.2-1.ph1", "salt-syndic-2017.7.2-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "salt"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1183.NASL description Salt was updated to 2017.7.2 and also to fix various bugs and security issues. See the following resources for the full changelog: https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html Security issues fixed : - CVE-2017-14695: A directory traversal during minion id validation was fixed. (boo#1062462) - CVE-2017-14696: A remote denial of service attack with a specially crafted authentication request was fixed. (boo#1062464) - CVE-2017-12791: crafted minion ID could lead directory traversal on the Salt-master (boo#1053955) Non security issues fixed : - Add possibility to generate _version.py at the build time for raw builds: https://github.com/saltstack/salt/pull/43955 - Fix salt target-type field returns last seen 2020-06-05 modified 2017-10-23 plugin id 104087 published 2017-10-23 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104087 title openSUSE Security Update : salt (openSUSE-2017-1183) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1182.NASL description Salt was updated to 2017.7.2 and also to fix various bugs and security issues. See https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html for full changelog. Security issues fixed : - CVE-2017-14695: A directory traversal during minion id validation was fixed. (boo#1062462) - CVE-2017-14696: A remote denial of service attack with a specially crafted authentication request was fixed. (boo#1062464) Non security issues fixed : - Add possibility to generate _version.py at the build time for raw builds: https://github.com/saltstack/salt/pull/43955 - Fix salt target-type field returns last seen 2020-06-05 modified 2017-10-23 plugin id 104086 published 2017-10-23 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104086 title openSUSE Security Update : salt (openSUSE-2017-1182)
References
- https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
- https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
- https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
- https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1500742
- http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
- http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html