oss-sec mailing list archives
Re: CVE request for saltstack minion identity usurpation
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 15 Oct 2013 23:54:03 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/11/2013 04:26 PM, Michael Scherer wrote:
Hi, While looking for saltstack issues on github, i stumbled on this pull request : https://github.com/saltstack/salt/pull/7356 It seems that saltstack, a client/server configuration system ( like puppet, chef, cfengine ) allowed to have any minions ( agent on the server to be configured ) to masquerade itself as any others agents when requesting stuff from the master ( ie, main server ). While I didn't fully check, this would permit a compromised server to request data from another server, thus leading to potential informations leak ( like passwword, etc ). Can a CVE be assigned, and I will pass it to upstream on the bug report ?
Ok mmcallis@ researched these and found: CVE-2013-4435 saltstack Insufficient argument validation in several modules CVE-2013-4436 saltstack MITM ssh attack on salt-ssh CVE-2013-4437 saltstack Insecure usage of a predictable directory in /tmp and on minion (CVE MERGE of two tmp issues) CVE-2013-4438 saltstack pillar.ext or qemu_nbd.clear yaml string RCE CVE-2013-4439 saltstack minion identity usurpation - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSXin7AAoJEBYNRVNeJnmTYV4QANwk6y4hTI8UFKEqqTZ+XFiS EEhtUzbX/THCie8PBbpB037HmD3Z86kz84mfllwxFTykXLDAcPOcHYcnAsVlUs9s o+Ry3tOVbmjeOjUAVlfwS1JQVUvLCQJPh/vp/239S6o4Z+Z8Hdvfi+yb47MCKr/n npr2mh6eYP7tStkfu3DjrMZarn7nPZgEfEidMHJdRTu7ZsBaOpfoEABHlCFC2Squ FmcptHW77a8t2jViVRQdO1evMzWL7eDZyp2gRSi8+iw2PuJkBviudjSM2nZHBnKC bi1AaqSLmoUgVnRQlMZHSR8XNhzIvJLeV4lvD6DULFkm+/7I9q3xh9Bg4zsxz+4F jazMrwdMm/ImKBV/s8KjUUSsBBe5hrX+lxjHgWSs9ZGhS86N/xNB+Him+lNT5B6f 1pMCdL5yG5tm5OqsW7IFXszYT4IqoROR8wv07prsurG9uZEv9TqVKGsByqF2gG4D pL5G60dXn0q5lzAYOuaBOdhJIDqvkgaAJ5Ze/VvCWvySpdGw/amC7RlPKfotYOb/ fLOd3u2kSMnQx8OSr8IFGBQjU5US4kIs5eNsJbHrBML1AovdeVHkT5H3y8F4OLyI ytj5/+FFh/Ai9tqi1+uR7enBBPQsJTUeao3lABc7wSyjYd/YHHMK2v9X5FeefW4Z IRnhb2BLOTezJ74QqgqV =XKMC -----END PGP SIGNATURE-----
Current thread:
- CVE request for saltstack minion identity usurpation Michael Scherer (Oct 11)
- Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 15)
- Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 15)
- Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 18)
- Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 15)
- Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 15)
- Re: CVE request for saltstack minion identity usurpation Kurt Seifried (Oct 15)