SB2020110947 - Arch Linux update for salt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020110947

SB2020110947 - Arch Linux update for salt

Published: November 9, 2020 Updated: December 12, 2022

Security Bulletin ID SB2020110947
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 33% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) OS Command Injection (CVE-ID: CVE-2020-16846)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in SaltStack Salt when processing API requests. A remote attacker can send specially crafted request to the server and execute arbitrary OS commands on the target system.

Successful exploitation of the vulnerability requires that SSH client is enabled.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Incorrect default permissions (CVE-ID: CVE-2020-17490)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application within the TLS module. A local user with access to the system can view contents of files and directories or modify them.


3) Improper Authentication (CVE-ID: CVE-2020-25592)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing eauth credentials and tokens. A remote attacker can bypass authentication process and invoke Salt SSH.

Successful exploitation of the vulnerability will result in complete system compromise.


Remediation

Install update from vendor's website.

References