Vulnerabilities > CVE-2017-5200 - Unspecified vulnerability in Saltstack Salt

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

saltstack

critical

nessus

NVD

Published: 2017-09-26

Updated: 2019-10-03

Summary

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.

Vulnerable Configurations

Part	Description	Count
Application	Saltstack Saltstack Salt 0.6.0 Saltstack Salt 0.7.0 Saltstack Salt 0.8.0 Saltstack Salt 0.8.7 Saltstack Salt 0.8.8 Saltstack Salt 0.8.9 Saltstack Salt 0.9.0 Saltstack Salt 0.9.1 Saltstack Salt 0.9.2 Saltstack Salt 0.9.3 Saltstack Salt 0.9.4 Saltstack Salt 0.9.5 Saltstack Salt 0.9.6 Saltstack Salt 0.9.7 Saltstack Salt 0.9.8 Saltstack Salt 0.9.9 Saltstack Salt 0.10.0 Saltstack Salt 0.10.1 Saltstack Salt 0.10.2 Saltstack Salt 0.10.3 Saltstack Salt 0.10.4 Saltstack Salt 0.10.5 Saltstack Salt 0.11.0 Saltstack Salt 0.11.1 Saltstack Salt 0.12.0 Saltstack Salt 0.12.1 Saltstack Salt 0.13.0 Saltstack Salt 0.13.1 Saltstack Salt 0.13.2 Saltstack Salt 0.13.3 Saltstack Salt 0.14.0 Saltstack Salt 0.14.1 Saltstack Salt 0.15.0 Saltstack Salt 0.15.1 Saltstack Salt 0.15.2 Saltstack Salt 0.15.3 Saltstack Salt 0.15.90 Saltstack Salt 0.16.0 Saltstack Salt 0.16.1 Saltstack Salt 0.16.2 Saltstack Salt 0.16.3 Saltstack Salt 0.16.4 Saltstack Salt 0.17.0 Saltstack Salt 0.17.1 Saltstack Salt 0.17.2 Saltstack Salt 0.17.3 Saltstack Salt 0.17.4 Saltstack Salt 0.17.5 Saltstack Salt 2014.1.0 Saltstack Salt 2014.1.1 Saltstack Salt 2014.1.2 Saltstack Salt 2014.1.3 Saltstack Salt 2014.1.4 Saltstack Salt 2014.1.5 Saltstack Salt 2014.1.6 Saltstack Salt 2014.1.7 Saltstack Salt 2014.1.8 Saltstack Salt 2014.1.9 Saltstack Salt 2014.1.10 Saltstack Salt 2014.1.11 Saltstack Salt 2014.1.12 Saltstack Salt 2014.1.13 Saltstack Salt 2014.7.0 Saltstack Salt 2014.7.1 Saltstack Salt 2014.7.2 Saltstack Salt 2014.7.3 Saltstack Salt 2014.7.4 Saltstack Salt 2014.7.5 Saltstack Salt 2014.7.6 Saltstack Salt 2014.7.7 Saltstack Salt 2014.7.8 Saltstack Salt 2014.7.9 Saltstack Salt 2015.2.0 Saltstack Salt 2015.5.0 Saltstack Salt 2015.5.1 Saltstack Salt 2015.5.2 Saltstack Salt 2015.5.3 Saltstack Salt 2015.5.4 Saltstack Salt 2015.5.5 Saltstack Salt 2015.5.6 Saltstack Salt 2015.5.7 Saltstack Salt 2015.5.8 Saltstack Salt 2015.5.9 Saltstack Salt 2015.5.10 Saltstack Salt 2015.5.11 Saltstack Salt 2015.8.0 Saltstack Salt 2015.8.1 Saltstack Salt 2015.8.2 Saltstack Salt 2015.8.3 Saltstack Salt 2015.8.4 Saltstack Salt 2015.8.5 Saltstack Salt 2015.8.6 Saltstack Salt 2015.8.7 Saltstack Salt 2015.8.8 Saltstack Salt 2015.8.8.2 Saltstack Salt 2015.8.9 Saltstack Salt 2015.8.10 Saltstack Salt 2015.8.11 Saltstack Salt 2015.8.12 Saltstack Salt 2016.3.0 Saltstack Salt 2016.3.1 Saltstack Salt 2016.3.2 Saltstack Salt 2016.3.3 Saltstack Salt 2016.3.4 Saltstack Salt 2016.11.0 Saltstack Salt 2016.11.1 Saltstack Salt 2016.11.2	126

Nessus

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0106_SALT.NASL
description	An update of the salt package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121806
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121806
title	Photon OS 1.0: Salt PHSA-2018-1.0-0106
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0106. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121806); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/03/08"); script_cve_id( "CVE-2017-5192", "CVE-2017-5200", "CVE-2017-8109", "CVE-2017-12791", "CVE-2017-14695", "CVE-2017-14696" ); script_name(english:"Photon OS 1.0: Salt PHSA-2018-1.0-0106"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the salt package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-106.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5200"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:salt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-api-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-cloud-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-master-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-minion-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-proxy-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-spm-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-ssh-2017.7.2-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"salt-syndic-2017.7.2-1.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "salt"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-388.NASL
description	This update for salt fixes the following issues : - [Regression] Permission problem: salt-ssh minion boostrap doesn
last seen	2020-06-05
modified	2018-04-24
plugin id	109293
published	2018-04-24
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109293
title	openSUSE Security Update : salt (openSUSE-2018-388)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-388. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(109293); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-9639", "CVE-2017-12791", "CVE-2017-14695", "CVE-2017-14696", "CVE-2017-5200"); script_xref(name:"IAVB", value:"2017-B-0112-S"); script_name(english:"openSUSE Security Update : salt (openSUSE-2018-388)"); script_summary(english:"Check for the openSUSE-2018-388 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for salt fixes the following issues : - [Regression] Permission problem: salt-ssh minion boostrap doesn't work anymore. (bsc#1027722) - wrong use of os_family string for Suse in the locale module and others (bsc#1038855) - Cannot bootstrap a host using 'Manage system completely via SSH (will not install an agent)' (bsc#1002529) - add user to or replace members of group not working with SLES11 SPx (bsc#978150) - SLES-12-GA client fail to start salt minion (SUSE MANAGER 3.0) (bsc#991048) - salt pkg.latest raises exception if package is not availible (bsc#1012999) - pkg.list_products on 'registerrelease' and 'productline' returns boolean.False if empty (bsc#989193) - SLES-12-SP1 salt-minion clients has no Base Channel added by default (bsc#986019) - 'The system requires a reboot' does not disappear from web-UI despite the reboot (bsc#1017078) - Remove option -f from startproc (bsc#975733) - [PYTHON2] package salt-minion requires /usr/bin/python (bsc#1081592) - Upgrading packages on RHEL6/7 client fails (bsc#1068566) - /var/log/salt has insecure permissions (bsc#1071322) - [Minion-bootstrapping] Invalid char cause server (salt-master ERROR) (bsc#1011304) - CVE-2016-9639: Possible information leak due to revoked keys still being used (bsc#1012398) - Bootstrapping SLES12 minion invalid (bsc#1053376) - Minions not correctly onboarded if Proxy has multiple FQDNs (bsc#1063419) - salt --summary '*' <function> reporting '# of minions that did not return' wrongly (bsc#972311) - RH-L3 SALT - Stacktrace if nscd package is not present when using nscd state (bsc#1027044) - Inspector broken: no module 'query' or 'inspector' while querying or inspecting (bsc#989798) - [ Regression ]Centos7 Minion remote command execution from gui or cli , minion not responding (bsc#1027240) - SALT, minion_id generation doesn't match the newhostname (bsc#967803) - Salt API server shuts down when SSH call with no matches is issued (bsc#1004723) - /var/log/salt/minion fails logrotate (bsc#1030009) - Salt proxy test.ping crashes (bsc#975303) - salt master flood log with useless messages (bsc#985661) - After bootstrap salt client has deprecation warnings (bsc#1041993) - Head: salt 2017.7.2 starts salt-master as user root (bsc#1064520) - CVE-2017-12791: Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master (bsc#1053955) - salt-2017.7.2 - broken %post script for salt-master (bsc#1079048) - Tearing down deployment with SaltStack Kubernetes module always shows error (bsc#1059291) - lvm.vg_present does not recognize PV with certain LVM filter settings. (bsc#988506) - High state fails: No service execution module loaded: check support for service (bsc#1065792) - When multiple versions of a package are installed on a minion, patch status may vary (bsc#972490) - Salt cp.push does not work on SUMA 3.2 Builds because of python3.4 (bsc#1075950) - timezone modue does not update /etc/sysconfig/clock (bsc#1008933) - Add patches to salt to support SUSE Manager scalability features (bsc#1052264) - salt-minion failed to start on minimal RHEL6 because of DBus exception during load of snapper module (bsc#993039) - Permission denied: '/var/run/salt-master.pid' (bsc#1050003) - Jobs scheduled to run at a future time stay pending for Salt minions (bsc#1036125) - Backport kubernetes-modules to salt (bsc#1051948) - After highstate: The minion function caused an exception (bsc#1068446) - VUL-0: CVE-2017-14695: salt: directory traversal vulnerability in minion id validation (bsc#1062462) - unable to update salt-minion on RHEL (bsc#1022841) - Nodes run out of memory due to salt-minion process (bsc#983512) - [Proxy] 'Broken pipe' during bootstrap of salt minion (bsc#1039370) - incorrect return code from /etc/rc.d/salt-minion (bsc#999852) - CVE-2017-5200: Salt-ssh via api let's run arbitrary commands as user salt (bsc#1011800) - beacons.conf on salt-minion not processed (bsc#1060230) - SLES11 SP3 salt-minion Client Cannot Select Base Channel (bsc#975093) - salt-ssh sys.doc gives authentication failure without arguments (bsc#1019386) - minion bootstrapping: error when bootstrap SLE11 clients (bsc#990439) - Certificate Deployment Fails for SLES11 SP3 Clients (bsc#975757) - state.module run() does not translate varargs (bsc#1025896)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1002529" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1004723" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008933" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1011304" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1011800" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012398" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012999" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1017078" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019386" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022841" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1025896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027044" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027240" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030009" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036125" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038855" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1039370" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1041993" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050003" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051948" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052264" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053376" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053955" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1059291" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060230" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1062462" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063419" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065792" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068446" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071322" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081592" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967803" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972311" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972490" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975093" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975303" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975733" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975757" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=978150" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=983512" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=985661" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986019" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=988506" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989193" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989798" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=990439" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=991048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993039" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999852" ); # https://features.opensuse.org/320559 script_set_attribute( attribute:"see_also", value:"https://features.opensuse.org/" ); script_set_attribute(attribute:"solution", value:"Update the affected salt packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python2-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-cloud"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-fish-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-master"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-minion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-ssh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-syndic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:salt-zsh-completion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/24"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"python2-salt-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python3-salt-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-api-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-bash-completion-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-cloud-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-fish-completion-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-master-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-minion-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-proxy-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-ssh-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-syndic-2018.3.0-17.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"salt-zsh-completion-2018.3.0-17.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python2-salt / python3-salt / salt / salt-api / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-1581-1.NASL
description	This update for salt provides version 2016.11.4 and brings various fixes and improvements : - Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Fix format error. (bsc#1043111) - Fix ownership for whole master cache directory. (bsc#1035914) - Disable 3rd party runtime packages to be explicitly recommended. (bsc#1040886) - Fix insecure permissions in salt-ssh temporary files. (bsc#1035912, CVE-2017-8109) - Disable custom rosters for Salt SSH via Salt API. (bsc#1011800, CVE-2017-5200) - Orchestrate and batches don
last seen	2020-06-01
modified	2020-06-02
plugin id	100907
published	2017-06-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100907
title	SUSE SLES11 Security Update : Salt (SUSE-SU-2017:1581-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1581-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(100907); script_version("3.9"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2017-5200", "CVE-2017-8109"); script_name(english:"SUSE SLES11 Security Update : Salt (SUSE-SU-2017:1581-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for salt provides version 2016.11.4 and brings various fixes and improvements : - Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Fix format error. (bsc#1043111) - Fix ownership for whole master cache directory. (bsc#1035914) - Disable 3rd party runtime packages to be explicitly recommended. (bsc#1040886) - Fix insecure permissions in salt-ssh temporary files. (bsc#1035912, CVE-2017-8109) - Disable custom rosters for Salt SSH via Salt API. (bsc#1011800, CVE-2017-5200) - Orchestrate and batches don't return false failed information anymore. - Speed-up cherrypy by removing sleep call. - Fix os_family grains on SUSE. (bsc#1038855) - Fix setting the language on SUSE systems. (bsc#1038855) - Use SUSE specific salt-api.service. (bsc#1039370) - Fix using hostname for minion ID as '127'. - Fix core grains constants for timezone. (bsc#1032931) - Minor fixes on new pkg.list_downloaded. - Listing all type of advisory patches for Yum module. - Prevents zero length error on Python 2.6. - Fixes zypper test error after backporting. - Raet protocol is no longer supported. (bsc#1020831) - Fix moving SSH data to the new home. (bsc#1027722) - Fix logrotating /var/log/salt/minion. (bsc#1030009) - Fix result of master_tops extension is mutually overwritten. (bsc#1030073) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs. - Allows to set custom timeouts for 'manage.up' and 'manage.status'. - Use salt's ordereddict for comparison. - Fix scripts for salt-proxy. - Add openscap module. - File.get_managed regression fix. - Fix translate variable arguments if they contain hidden keywords. (bsc#1025896) - Added unit test for dockerng.sls_build dryrun. - Added dryrun to dockerng.sls_build. - Update dockerng minimal version requirements. - Fix format error in error parsing. - Keep fix for migrating salt home directory. (bsc#1022562) - Fix salt pkg.latest raises exception if package is not available. (bsc#1012999) - Timezone should always be in UTC. (bsc#1017078) - Fix timezone handling for rpm installtime. (bsc#1017078) - Increasing timeouts for running integrations tests. - Add buildargs option to dockerng.build module. - Fix error when missing ssh-option parameter. - Re-add yum notify plugin. - All kwargs to dockerng.create to provide all features to sls_build as well. - Datetime should be returned always in UTC. - Fix possible crash while deserialising data on infinite recursion in scheduled state. (bsc#1036125) - Documentation refresh to 2016.11.4 - For a detailed description, please refer to : + https://docs.saltstack.com/en/develop/topics/releases/20 16.11.4.html + https://docs.saltstack.com/en/develop/topics/releases/20 16.11.3.html + https://docs.saltstack.com/en/develop/topics/releases/20 16.11.2.html + https://docs.saltstack.com/en/develop/topics/releases/20 16.11.1.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1011800" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1012999" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1017078" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1020831" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1022562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1025896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1027240" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1027722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1030009" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1030073" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1032931" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1035912" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1035914" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1036125" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038855" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1039370" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1040584" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1040886" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043111" ); script_set_attribute( attribute:"see_also", value:"https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html" ); script_set_attribute( attribute:"see_also", value:"https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html" ); script_set_attribute( attribute:"see_also", value:"https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html" ); script_set_attribute( attribute:"see_also", value:"https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-5200/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-8109/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171581-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?632f8742" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:zypper in -t patch slesctsp4-salt-201705-13150=1 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:zypper in -t patch slesctsp3-salt-201705-13150=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:salt-minion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/25"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(3\|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", reference:"salt-2016.11.4-42.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"salt-doc-2016.11.4-42.2")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"salt-minion-2016.11.4-42.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"salt-2016.11.4-42.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"salt-doc-2016.11.4-42.2")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"salt-minion-2016.11.4-42.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Salt"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0106.NASL
description	An update of 'salt' packages of Photon OS has been released.
last seen	2019-02-08
modified	2019-02-07
plugin id	111917
published	2018-08-17
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111917
title	Photon OS 1.0: Salt PHSA-2018-1.0-0106 (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0106. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111917); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id( "CVE-2017-5192", "CVE-2017-5200", "CVE-2017-8109", "CVE-2017-12791", "CVE-2017-14695", "CVE-2017-14696" ); script_name(english:"Photon OS 1.0: Salt PHSA-2018-1.0-0106 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of 'salt' packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-1.0-106 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fcabba66"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5200"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:salt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "salt-2017.7.2-1.ph1", "salt-api-2017.7.2-1.ph1", "salt-cloud-2017.7.2-1.ph1", "salt-master-2017.7.2-1.ph1", "salt-minion-2017.7.2-1.ph1", "salt-proxy-2017.7.2-1.ph1", "salt-spm-2017.7.2-1.ph1", "salt-ssh-2017.7.2-1.ph1", "salt-syndic-2017.7.2-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "salt"); }

Summary

Vulnerable Configurations

Nessus

References