Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 812440 (CVE-2021-21996, CVE-2021-31607)

Summary: <app-admin/salt-3003.3: multiple vulnerabilities (CVE-2021-{21996,31607})
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: chutzpah
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
Whiteboard: B1 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 817926    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-10 11:48:49 UTC 
CVE-2021-21996:

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

CVE-2021-31607:

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-10 11:49:20 UTC 
Please stabilize 3003.3.
Comment 2 Larry the Git Cow gentoo-dev 2023-10-31 11:57:52 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a4ba9f2fb65b65e29f00afe38eed9d10ac01301d

commit a4ba9f2fb65b65e29f00afe38eed9d10ac01301d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-31 11:57:07 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-31 11:57:38 +0000

    [ GLSA 202310-22 ] Salt: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/767919
    Bug: https://bugs.gentoo.org/812440
    Bug: https://bugs.gentoo.org/836365
    Bug: https://bugs.gentoo.org/855962
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-22.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)