CVE-2016-3176

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-3176
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3176.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-3176
Aliases
Downstream
Related
Published
2017-01-31T19:59:00.183Z
Modified
2026-03-10T14:02:20.033537Z
Severity
  • 5.6 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
92889db638dc8f5079641dc86d85ce0cb2a7b984
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
34324abe562f6326618e290611a1737714118749
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
87d86e4b3eaad075876f516eb8bb693d9a88d1c9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
af297bb0aefcc4ffa5b085166835ca23d0b7c457
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
345206b68e97465c18450227e21adb888dd87358
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1c6c394d0ed51db613938dbfa4db6002eeb87a87
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c7db4350d53d399349e740cd403f2fdd1fcf571f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8d84c636cf241237ca5e033beea6e3179e4de7d5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.5.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.8.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.8.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.8.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.8.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.8.7"
        }
    ]
}

Affected versions

v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v2014.*
v2014.1
v2014.7
v2014.7.0
v2014.7.0rc1
v2014.7.0rc2
v2014.7.0rc3
v2014.7.0rc4
v2014.7.0rc5
v2014.7.0rc6
v2014.7.0rc7
v2014.7.1
v2014.7.2
v2014.7.3
v2014.7.4
v2014.7.5
v2014.7.6
v2014.7.7
v2014.7.8
v2015.*
v2015.2
v2015.2.0rc1
v2015.2.0rc2
v2015.5
v2015.5.0
v2015.5.1
v2015.5.2
v2015.5.3
v2015.5.4
v2015.5.5
v2015.5.6
v2015.5.7
v2015.5.8
v2015.5.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3176.json"