Thursday, September 23, 2021

Salt Project patched a privilege escalation bug impacting SaltStack Salt minions

The Salt Project has patched a privilege escalation bug impacting SaltStack Salt minions that could be used during a wider exploit chain. 

The vulnerability, CVE-2020-28243, is described as a privilege escalation bug impacting SaltStack Salt minions allowing “an unprivileged user to create files in any non-blacklisted directory via a command injection in a process name.” 

The bug has been given a severity rating of 7.0 and impacts Salt versions before 3002.5.

SaltStack’s Salt is an open-source project and software designed for automation and infrastructure management. 

In November, Immersive Labs’ security researcher Matthew Rollings scanned the tool with Bandit, a Python application security scanner, and came across the bug as a result.

Salt consists of a master system and minions, the latter of which facilitate commands sent to the master, and both often run as root. Rollings discovered a command injection vulnerability in minions that arises when the master system summons a process called restart check.

Exploits can be triggered if attackers use crafted process names, permitting local users to escalate their privileges to root, as long as they can create files on a minion in a non-forbidden directory.
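The class of bug described above, shown as an added example that is not Salt's code: a process name interpolated into a shell string is parsed by the shell, while the same name passed as an argument-list entry is not. The process names are constructed, and `echo` is an assumed stand-in for whatever lookup command a real tool would run.

```python
import shlex
import subprocess

# Constructed process names: one ordinary, one carrying a shell metacharacter.
BENIGN_NAME = "/usr/sbin/sshd"
CRAFTED_NAME = "/tmp/app;echo INJECTED"


def lookup_unsafe(proc_name):
    """Name pasted into a shell string; Bandit reports this call as B602."""
    cmd = "echo checking " + proc_name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_safe(proc_name):
    """Argument list and no shell: the name stays one argv entry."""
    argv = ["echo", "checking", proc_name]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def lookup_quoted(proc_name):
    """If a shell cannot be avoided, quote the untrusted value first."""
    cmd = "echo checking " + shlex.quote(proc_name)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def injected(output):
    """True when the output has more than the one line 'echo' should print."""
    return len(output.splitlines()) > 1


if __name__ == "__main__":
    for fn in (lookup_unsafe, lookup_safe, lookup_quoted):
        for name in (BENIGN_NAME, CRAFTED_NAME):
            out = fn(name)
            print(f"{fn.__name__:14} {name!r:28} injected={injected(out)}")
```

Only `lookup_unsafe` with the crafted name reports `injected=True`; the other five combinations print the name back as a single line.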

With further investigation, the researcher noted it might also be possible to perform container escapes, including completing the exploit “within a container to gain command execution as root on the host machine.”

Also, Rollings said the vulnerability “may be performed by an attacker without local shell access, [and] under certain circumstances, remote users can influence process names.” However, this form of attack is considered “unlikely” and could be difficult to trigger. 

The Salt Project resolved the vulnerability in a February security release. The group also patched other high-impact bugs, including CVE-2021-3197, a shell injection flaw in Salt-API’s SSH client; CVE-2021-25281, an eAuth security issue that could allow remote attackers to run any wheel modules on the master; and CVE-2021-25283, a failure to protect against server-side template injection attacks.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
