SB2021112302 - Debian update for salt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021112302

SB2021112302 - Debian update for salt

Published: November 23, 2021

Security Bulletin ID SB2021112302
Severity
High
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 50% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2021-21996)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Salt download URL. A local user with control over the file source URL and its source_hash URL can gain full file system access as root on a salt minion.


2) Command Injection (CVE-ID: CVE-2021-31607)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to command injection in the snapper module. A local user can escalate privileges on a minion.


3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2021-25284)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to salt.modules.cmdmod stores sensitive information, such as passwords into the /var/log/salt/minion file. A local user can read the log files and gain access to sensitive data.


4) Code Injection (CVE-ID: CVE-2021-25283)

The vulnerability allows a user attacker to perform server-side template injection attacks.

The vulnerability exists due to improper input validation. A remote user can send a specially crafted request and execute arbitrary code on the target system via the SaltAPI fix directory traversal in wheel.pillar_roots.write (described in #VU50980).



5) Path traversal (CVE-ID: CVE-2021-25282)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the salt.wheel.pillar_roots.write method. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.


6) Improper access control (CVE-ID: CVE-2021-25281)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. The salt-api does not honor eauth credentials for the wheel_async client. A remote attacker can remotely run any wheel modules on the master.


7) OS Command Injection (CVE-ID: CVE-2021-3197)

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the salt-api ssh client. A remote attacker can include the ProxyCommand in an argument, or via ssh_options provided in an API request and execute arbitrary commands on the system.



8) Command Injection (CVE-ID: CVE-2021-3148)

The vulnerability allows a remote user to execute arbitrary commands within the application.

The vulnerability exists due to improper input validation, related to handling single and double quotes, within the salt.utils.thin.gen_thin() function in salt/utils/thin.py. A remote user can send a specially crafted HTTP request to the SaltAPI and execute arbitrary commands.


9) Improper Authentication (CVE-ID: CVE-2021-3144)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests for expired eauth tokens. A remote attacker can re-use one more time expired eauth tokens to run command against the salt master or minions.


10) Improper Certificate Validation (CVE-ID: CVE-2020-35662)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper TLS certificate validation. A remote attacker can force the application to accept an untrusted certificate and perform MitM attack.


11) Improper Certificate Validation (CVE-ID: CVE-2020-28972)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to absent validation of SSL/TLS certificates. A remote attacker can perform MitM attack.


12) Security restrictions bypass (CVE-ID: CVE-2020-28243)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation. A remote user can create files in any non-blacklisted directory via a command injection in a process name.


Remediation

Install update from vendor's website.

References