Ubuntu Security Notice 4459-1 - It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to extract sensitive information, execute arbitrary code or crash the server. It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Various other issues were also addressed.
554a555f7c9f85d9a4dada2c6804fc228f4388887cd01c661baad5b75fd51e4d
=========================================================================
Ubuntu Security Notice USN-4459-1
August 13, 2020
salt vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Salt.
Software Description:
- salt: Infrastructure management built on a dynamic communication bus
Details:
It was discovered that Salt allows remote attackers to determine which files
exist on the server. An attacker could use that to extract sensitive
information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows an user to bypass
authentication. An attacker could use that to extract sensitive information,
execute abritrary code or crash the server. (CVE-2018-15751)
It was discovered that Salt is vulnerable to command injection. This allows
an unauthenticated attacker with network access to the API endpoint to
execute arbitrary code on the salt-api host. (CVE-2019-17361)
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possibly use this issue to access
some methods without authentication. (CVE-2020-11651, CVE-2020-11652)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
salt-api 2017.7.4+dfsg1-1ubuntu18.04.2
salt-common 2017.7.4+dfsg1-1ubuntu18.04.2
salt-master 2017.7.4+dfsg1-1ubuntu18.04.2
salt-minion 2017.7.4+dfsg1-1ubuntu18.04.2
Ubuntu 16.04 LTS:
salt-api 2015.8.8+ds-1ubuntu0.1
salt-common 2015.8.8+ds-1ubuntu0.1
salt-master 2015.8.8+ds-1ubuntu0.1
salt-minion 2015.8.8+ds-1ubuntu0.1
After a standard system update you need to restart salt to make all the
necessary changes.
References:
https://usn.ubuntu.com/4459-1
CVE-2018-15750, CVE-2018-15751, CVE-2019-17361, CVE-2020-11651,
CVE-2020-11652
Package Information:
https://launchpad.net/ubuntu/+source/salt/2017.7.4+dfsg1-1ubuntu18.04.2
https://launchpad.net/ubuntu/+source/salt/2015.8.8+ds-1ubuntu0.1