An issue exists in SaltStack Salt prior to 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
saltstack salt |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
Any user could become root, warns Immersive Labs researcher More Salt in their wounds: DigiCert hit as hackers wriggle through (patched) holes in buggy config tool
Proof of concept code has been published for a vulnerability in popular data centre security management tool Saltstack, which was discovered after a developer at Immersive Labs found a privilege escalation bug allowing any old user to become root. SaltStack offers open-source, Python-based automation tools and was acquired by VMware in October last year. The latest CVE is a command injection flaw leading to the priv-esc flaw, according to Immersive Labs, whose Matt Rollings found the vuln. Numbe...