Saturday, June 12, 2021

Salt Project patched a privilege escalation bug impacting SaltStack Salt minions


The Salt Project has patched a privilege escalation bug impacting SaltStack Salt minions that could be used during a wider exploit chain. 

The vulnerability, CVE-2020-28243, is described as a privilege escalation bug impacting SaltStack Salt minions allowing “an unprivileged user to create files in any non-blacklisted directory via a command injection in a process name.” 

The bug has been given a severity rating of 7.0 and impacts Salt versions before 3002.5.

SaltStack’s Salt is an open-source project and software designed for automation and infrastructure management. 

In November, Immersive Labs’ security researcher Matthew Rollings scanned the tool with Bandit, a Python application security scanner, and came across the bug as a result.

Salt consists of a master system and minions; the minions facilitate commands sent to the master, and both often run as root. Rollings discovered a command injection vulnerability in minions that is triggered when the master system summons a process called restartcheck.

Exploits can be triggered if attackers use crafted process names, permitting local users to escalate their privileges to root, as long as they can create files on a minion in a non-forbidden directory.

With further investigation, the researcher noted it might also be possible to perform container escapes, including completing the exploit “within a container to gain command execution as root on the host machine.”

Also, Rollings said the vulnerability “may be performed by an attacker without local shell access, [and] under certain circumstances, remote users can influence process names.” However, this form of attack is considered “unlikely” and could be difficult to trigger. 

The Salt Project resolved the vulnerability in a February security release. The group also patched other high-impact bugs, including CVE-2021-3197, a shell injection flaw in Salt-API’s SSH client; CVE-2021-25281, an eAuth security issue that could allow remote attackers to run any wheel modules on the master; and CVE-2021-25283, a failure to protect against server-side template injection attacks.
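
The following is an added example, not code from Salt or from the researcher's report: a simplified static check in the spirit of the Bandit scan mentioned above, which flags subprocess calls that combine shell=True with a command assembled at run time, the general pattern by which a process name can reach a shell. The sample source and the `pkg-query` command inside it are constructed for illustration and are never executed.

```python
import ast

# Constructed sample (hypothetical "pkg-query" tool, not Salt source): one call
# builds a shell string from a process-derived name, one passes the name as a
# single argv element, and one runs a fixed literal through the shell.
SAMPLE = '''
import subprocess

def owner_unsafe(proc_name):
    cmd = "pkg-query --owner " + proc_name
    return subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)

def owner_safe(proc_name):
    return subprocess.Popen(["pkg-query", "--owner", "--", proc_name],
                            stdout=subprocess.PIPE)

def uptime():
    return subprocess.check_output("uptime", shell=True)
'''

SUBPROCESS_FUNCS = {"Popen", "run", "call", "check_call", "check_output"}

def is_shell_true(call):
    """True if the call passes the keyword argument shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)

def find_shell_injection_risks(source):
    """Return sorted (line, function) pairs for subprocess.* calls that use
    shell=True with a first argument that is not a plain string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr in SUBPROCESS_FUNCS
                and isinstance(func.value, ast.Name) and func.value.id == "subprocess"):
            continue
        if not is_shell_true(node) or not node.args:
            continue
        command = node.args[0]
        if not (isinstance(command, ast.Constant) and isinstance(command.value, str)):
            findings.append((node.lineno, func.attr))
    return sorted(findings)

if __name__ == "__main__":
    for line, name in find_shell_injection_risks(SAMPLE):
        print(f"line {line}: subprocess.{name} uses shell=True with a built command")
```

Only the string-concatenated call is reported; the argv-list form is the hardened equivalent, because the name is handed to the program as one argument and is never parsed by a shell.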

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
