Vulnerabilities > CVE-2017-5200 - Unspecified vulnerability in Saltstack Salt

#
# (C) Tenable Network Security, Inc.
#


# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2018-1.0-0106. The text
# itself is copyright (C) VMware, Inc.


include('compat.inc');

if (description)
{
  script_id(121806);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2019/03/08");

  script_cve_id(
    "CVE-2017-5192",
    "CVE-2017-5200",
    "CVE-2017-8109",
    "CVE-2017-12791",
    "CVE-2017-14695",
    "CVE-2017-14696"
  );

  script_name(english:"Photon OS 1.0: Salt PHSA-2018-1.0-0106");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the salt package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-106.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5200");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:salt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

if (rpm_check(release:"PhotonOS-1.0", reference:"salt-2017.7.2-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"salt-api-2017.7.2-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"salt-cloud-2017.7.2-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"salt-master-2017.7.2-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"salt-minion-2017.7.2-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"salt-proxy-2017.7.2-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"salt-spm-2017.7.2-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"salt-ssh-2017.7.2-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"salt-syndic-2017.7.2-1.ph1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "salt");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-388.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(109293);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-9639", "CVE-2017-12791", "CVE-2017-14695", "CVE-2017-14696", "CVE-2017-5200");
  script_xref(name:"IAVB", value:"2017-B-0112-S");

  script_name(english:"openSUSE Security Update : salt (openSUSE-2018-388)");
  script_summary(english:"Check for the openSUSE-2018-388 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for salt fixes the following issues :

  - [Regression] Permission problem: salt-ssh minion
    boostrap doesn't work anymore. (bsc#1027722)

  - wrong use of os_family string for Suse in the locale
    module and others (bsc#1038855)

  - Cannot bootstrap a host using 'Manage system completely
    via SSH (will not install an agent)' (bsc#1002529)

  - add user to or replace members of group not working with
    SLES11 SPx (bsc#978150)

  - SLES-12-GA client fail to start salt minion (SUSE
    MANAGER 3.0) (bsc#991048)

  - salt pkg.latest raises exception if package is not
    availible (bsc#1012999)

  - pkg.list_products on 'registerrelease' and 'productline'
    returns boolean.False if empty (bsc#989193)

  - SLES-12-SP1 salt-minion clients has no Base Channel
    added by default (bsc#986019)

  - 'The system requires a reboot' does not disappear from
    web-UI despite the reboot (bsc#1017078)

  - Remove option -f from startproc (bsc#975733)

  - [PYTHON2] package salt-minion requires /usr/bin/python
    (bsc#1081592)

  - Upgrading packages on RHEL6/7 client fails (bsc#1068566)

  - /var/log/salt has insecure permissions (bsc#1071322)

  - [Minion-bootstrapping] Invalid char cause server
    (salt-master ERROR) (bsc#1011304)

  - CVE-2016-9639: Possible information leak due to revoked
    keys still being used (bsc#1012398)

  - Bootstrapping SLES12 minion invalid (bsc#1053376)

  - Minions not correctly onboarded if Proxy has multiple
    FQDNs (bsc#1063419)

  - salt --summary '*' <function> reporting '# of minions
    that did not return' wrongly (bsc#972311)

  - RH-L3 SALT - Stacktrace if nscd package is not present
    when using nscd state (bsc#1027044)

  - Inspector broken: no module 'query' or 'inspector' while
    querying or inspecting (bsc#989798)

  - [ Regression ]Centos7 Minion remote command execution
    from gui or cli , minion not responding (bsc#1027240)

  - SALT, minion_id generation doesn't match the newhostname
    (bsc#967803)

  - Salt API server shuts down when SSH call with no matches
    is issued (bsc#1004723)

  - /var/log/salt/minion fails logrotate (bsc#1030009)

  - Salt proxy test.ping crashes (bsc#975303)

  - salt master flood log with useless messages (bsc#985661)

  - After bootstrap salt client has deprecation warnings
    (bsc#1041993)

  - Head: salt 2017.7.2 starts salt-master as user root
    (bsc#1064520)

  - CVE-2017-12791: Maliciously crafted minion IDs can cause
    unwanted directory traversals on the Salt-master
    (bsc#1053955)

  - salt-2017.7.2 - broken %post script for salt-master
    (bsc#1079048)

  - Tearing down deployment with SaltStack Kubernetes module
    always shows error (bsc#1059291)

  - lvm.vg_present does not recognize PV with certain LVM
    filter settings. (bsc#988506)

  - High state fails: No service execution module loaded:
    check support for service (bsc#1065792)

  - When multiple versions of a package are installed on a
    minion, patch status may vary (bsc#972490)

  - Salt cp.push does not work on SUMA 3.2 Builds because of
    python3.4 (bsc#1075950)

  - timezone modue does not update /etc/sysconfig/clock
    (bsc#1008933)

  - Add patches to salt to support SUSE Manager scalability
    features (bsc#1052264)

  - salt-minion failed to start on minimal RHEL6 because of
    DBus exception during load of snapper module
    (bsc#993039)

  - Permission denied: '/var/run/salt-master.pid'
    (bsc#1050003)

  - Jobs scheduled to run at a future time stay pending for
    Salt minions (bsc#1036125)

  - Backport kubernetes-modules to salt (bsc#1051948)

  - After highstate: The minion function caused an exception
    (bsc#1068446)

  - VUL-0: CVE-2017-14695: salt: directory traversal
    vulnerability in minion id validation (bsc#1062462)

  - unable to update salt-minion on RHEL (bsc#1022841)

  - Nodes run out of memory due to salt-minion process
    (bsc#983512)

  - [Proxy] 'Broken pipe' during bootstrap of salt minion
    (bsc#1039370)

  - incorrect return code from /etc/rc.d/salt-minion
    (bsc#999852)

  - CVE-2017-5200: Salt-ssh via api let's run arbitrary
    commands as user salt (bsc#1011800)

  - beacons.conf on salt-minion not processed (bsc#1060230)

  - SLES11 SP3 salt-minion Client Cannot Select Base Channel
    (bsc#975093)

  - salt-ssh sys.doc gives authentication failure without
    arguments (bsc#1019386)

  - minion bootstrapping: error when bootstrap SLE11 clients
    (bsc#990439)

  - Certificate Deployment Fails for SLES11 SP3 Clients
    (bsc#975757)

  - state.module run() does not translate varargs
    (bsc#1025896)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1002529"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1004723"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008933"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1011304"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1011800"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012398"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012999"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1017078"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019386"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1025896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027044"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027240"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030009"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036125"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038855"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1039370"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1041993"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050003"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052264"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053955"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1059291"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060230"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1062462"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063419"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065792"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068446"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068566"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071322"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075950"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079048"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081592"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972311"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972490"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975093"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975303"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975733"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975757"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=978150"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=983512"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=985661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986019"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=988506"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989193"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989798"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=990439"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=991048"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993039"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999852"
  );
  # https://features.opensuse.org/320559
  script_set_attribute(
    attribute:"see_also",
    value:"https://features.opensuse.org/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected salt packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python2-salt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-salt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-cloud");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-fish-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-master");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-minion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-ssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-syndic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-zsh-completion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/24");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"python2-salt-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"python3-salt-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-api-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-bash-completion-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-cloud-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-fish-completion-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-master-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-minion-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-proxy-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-ssh-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-syndic-2018.3.0-17.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"salt-zsh-completion-2018.3.0-17.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python2-salt / python3-salt / salt / salt-api / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:1581-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(100907);
  script_version("3.9");
  script_cvs_date("Date: 2019/09/11 11:22:15");

  script_cve_id("CVE-2017-5200", "CVE-2017-8109");

  script_name(english:"SUSE SLES11 Security Update : Salt (SUSE-SU-2017:1581-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for salt provides version 2016.11.4 and brings various
fixes and improvements :

  - Adding a salt-minion watchdog for RHEL6 and SLES11
    systems (sysV) to restart salt-minion in case of crashes
    during upgrade.

  - Fix format error. (bsc#1043111)

  - Fix ownership for whole master cache directory.
    (bsc#1035914)

  - Disable 3rd party runtime packages to be explicitly
    recommended. (bsc#1040886)

  - Fix insecure permissions in salt-ssh temporary files.
    (bsc#1035912, CVE-2017-8109)

  - Disable custom rosters for Salt SSH via Salt API.
    (bsc#1011800, CVE-2017-5200)

  - Orchestrate and batches don't return false failed
    information anymore.

  - Speed-up cherrypy by removing sleep call.

  - Fix os_family grains on SUSE. (bsc#1038855)

  - Fix setting the language on SUSE systems. (bsc#1038855)

  - Use SUSE specific salt-api.service. (bsc#1039370)

  - Fix using hostname for minion ID as '127'.

  - Fix core grains constants for timezone. (bsc#1032931)

  - Minor fixes on new pkg.list_downloaded.

  - Listing all type of advisory patches for Yum module.

  - Prevents zero length error on Python 2.6.

  - Fixes zypper test error after backporting.

  - Raet protocol is no longer supported. (bsc#1020831)

  - Fix moving SSH data to the new home. (bsc#1027722)

  - Fix logrotating /var/log/salt/minion. (bsc#1030009)

  - Fix result of master_tops extension is mutually
    overwritten. (bsc#1030073)

  - Allows to set 'timeout' and 'gather_job_timeout' via
    kwargs.

  - Allows to set custom timeouts for 'manage.up' and
    'manage.status'.

  - Use salt's ordereddict for comparison.

  - Fix scripts for salt-proxy.

  - Add openscap module.

  - File.get_managed regression fix.

  - Fix translate variable arguments if they contain hidden
    keywords. (bsc#1025896)

  - Added unit test for dockerng.sls_build dryrun.

  - Added dryrun to dockerng.sls_build.

  - Update dockerng minimal version requirements.

  - Fix format error in error parsing.

  - Keep fix for migrating salt home directory.
    (bsc#1022562)

  - Fix salt pkg.latest raises exception if package is not
    available. (bsc#1012999)

  - Timezone should always be in UTC. (bsc#1017078)

  - Fix timezone handling for rpm installtime. (bsc#1017078)

  - Increasing timeouts for running integrations tests.

  - Add buildargs option to dockerng.build module.

  - Fix error when missing ssh-option parameter.

  - Re-add yum notify plugin.

  - All kwargs to dockerng.create to provide all features to
    sls_build as well.

  - Datetime should be returned always in UTC.

  - Fix possible crash while deserialising data on infinite
    recursion in scheduled state. (bsc#1036125)

  - Documentation refresh to 2016.11.4

  - For a detailed description, please refer to :

  +
    https://docs.saltstack.com/en/develop/topics/releases/20
    16.11.4.html

  +
    https://docs.saltstack.com/en/develop/topics/releases/20
    16.11.3.html

  +
    https://docs.saltstack.com/en/develop/topics/releases/20
    16.11.2.html

  +
    https://docs.saltstack.com/en/develop/topics/releases/20
    16.11.1.html

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1011800"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012999"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1017078"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1020831"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022562"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1025896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1027240"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1027722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1030009"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1030073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1032931"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1035912"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1035914"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1036125"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1038855"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1039370"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1040584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1040886"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1043111"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-5200/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-8109/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20171581-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?632f8742"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:zypper in -t patch
slesctsp4-salt-201705-13150=1

SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:zypper in -t patch
slesctsp3-salt-201705-13150=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt-minion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"4", reference:"salt-2016.11.4-42.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"salt-doc-2016.11.4-42.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"salt-minion-2016.11.4-42.2")) flag++;
if (rpm_check(release:"SLES11", sp:"3", reference:"salt-2016.11.4-42.2")) flag++;
if (rpm_check(release:"SLES11", sp:"3", reference:"salt-doc-2016.11.4-42.2")) flag++;
if (rpm_check(release:"SLES11", sp:"3", reference:"salt-minion-2016.11.4-42.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Salt");
}

#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2/7/2019
#

# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2018-1.0-0106. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

if (description)
{
  script_id(111917);
  script_version("1.2");
  script_cvs_date("Date: 2019/02/07 18:59:50");

  script_cve_id(
    "CVE-2017-5192",
    "CVE-2017-5200",
    "CVE-2017-8109",
    "CVE-2017-12791",
    "CVE-2017-14695",
    "CVE-2017-14696"
  );

  script_name(english:"Photon OS 1.0: Salt PHSA-2018-1.0-0106 (deprecated)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"This plugin has been deprecated.");
  script_set_attribute(attribute:"description", value:
"An update of 'salt' packages of Photon OS has been released.");
  # https://github.com/vmware/photon/wiki/Security-Updates-1.0-106
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fcabba66");
  script_set_attribute(attribute:"solution", value:"n/a.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5200");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:salt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

exit(0, "This plugin has been deprecated.");

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

pkgs = [
  "salt-2017.7.2-1.ph1",
  "salt-api-2017.7.2-1.ph1",
  "salt-cloud-2017.7.2-1.ph1",
  "salt-master-2017.7.2-1.ph1",
  "salt-minion-2017.7.2-1.ph1",
  "salt-proxy-2017.7.2-1.ph1",
  "salt-spm-2017.7.2-1.ph1",
  "salt-ssh-2017.7.2-1.ph1",
  "salt-syndic-2017.7.2-1.ph1"
];

foreach (pkg in pkgs)
  if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "salt");
}