Detections
Analytics

Debian DLA-2815-1 : salt - LTS security update

critical Nessus Plugin ID 155123

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2815 advisory.

 Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL certificates.
 For Debian 9 stretch, these problems have been fixed in version 2016.11.2+ds-1+deb9u7. We recommend that you upgrade your salt packages. For the detailed security status of salt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/salt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the salt packages.

For Debian 9 stretch, these problems have been fixed in version 2016.11.2+ds-1+deb9u7.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987496

https://security-tracker.debian.org/tracker/source-package/salt

https://www.debian.org/lts/security/2021/dla-2815

https://security-tracker.debian.org/tracker/CVE-2020-28243

https://security-tracker.debian.org/tracker/CVE-2020-28972

https://security-tracker.debian.org/tracker/CVE-2020-35662

https://security-tracker.debian.org/tracker/CVE-2021-25281

https://security-tracker.debian.org/tracker/CVE-2021-25282

https://security-tracker.debian.org/tracker/CVE-2021-25283

https://security-tracker.debian.org/tracker/CVE-2021-25284

https://security-tracker.debian.org/tracker/CVE-2021-3144

https://security-tracker.debian.org/tracker/CVE-2021-3148

https://security-tracker.debian.org/tracker/CVE-2021-31607

https://security-tracker.debian.org/tracker/CVE-2021-3197

https://packages.debian.org/source/stretch/salt

Plugin Details

Severity: Critical

ID: 155123

File Name: debian_DLA-2815.nasl

Version: 1.6

Type: local

Agent: unix

Published: 11/11/2021

Updated: 1/24/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3197

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:salt-doc, p-cpe:/a:debian:debian_linux:salt-common, p-cpe:/a:debian:debian_linux:salt-master, p-cpe:/a:debian:debian_linux:salt-proxy, p-cpe:/a:debian:debian_linux:salt-api, p-cpe:/a:debian:debian_linux:salt-ssh, cpe:/o:debian:debian_linux:9.0, p-cpe:/a:debian:debian_linux:salt-minion, p-cpe:/a:debian:debian_linux:salt-syndic, p-cpe:/a:debian:debian_linux:salt-cloud

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/10/2021

Vulnerability Publication Date: 2/27/2021

Exploitable With

Metasploit (SaltStack Salt API Unauthenticated RCE through wheel_async client)

Reference Information

CVE: CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-25284, CVE-2021-3144, CVE-2021-3148, CVE-2021-31607, CVE-2021-3197

IAVA: 2021-A-0112-S, 2021-A-0524-S