USN-4769-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-4769-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4769-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-4769-1
- Related
- Published
- 2021-03-15T20:11:16.216380Z
- Modified
- 2021-03-15T20:11:16.216380Z
- Summary
- salt vulnerabilities
- Details
-
It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563)
Andreas Stieger discovered that Salt exposed git usernames and passwords in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918).
It was discovered that Salt exposed password authentication credentials in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6941)
It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this issue to cause a DoS or possibly execute arbitrary code. (CVE-2017-12791, CVE-2017-14695, CVE-2017-14696)
It was discovered that Salt allowed remote attackers to determine which files exist on the server. An attacker could use this issue to extract sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15750)
It was discovered that Salt allowed users to bypass authentication. An attacker could use this issue to extract sensitive information, execute arbitrary code or crash the server. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15751)
- References
-
- https://ubuntu.com/security/notices/USN-4769-1
- https://ubuntu.com/security/CVE-2014-3563
- https://ubuntu.com/security/CVE-2015-6918
- https://ubuntu.com/security/CVE-2015-6941
- https://ubuntu.com/security/CVE-2017-12791
- https://ubuntu.com/security/CVE-2017-14695
- https://ubuntu.com/security/CVE-2017-14696
- https://ubuntu.com/security/CVE-2018-15750
- https://ubuntu.com/security/CVE-2018-15751
Affected packages
Ubuntu:Pro:14.04:LTS / salt
Package
- Name
- salt
- Purl
- pkg:deb/ubuntu/salt@0.17.5+ds-1ubuntu0.1~esm1?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.17.5+ds-1ubuntu0.1~esm1
Affected versions
0.*
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"salt-ssh": "0.17.5+ds-1ubuntu0.1~esm1",
"salt-master": "0.17.5+ds-1ubuntu0.1~esm1",
"salt-doc": "0.17.5+ds-1ubuntu0.1~esm1",
"salt-common": "0.17.5+ds-1ubuntu0.1~esm1",
"salt-minion": "0.17.5+ds-1ubuntu0.1~esm1",
"salt-syndic": "0.17.5+ds-1ubuntu0.1~esm1"
}
]
}
Ubuntu:Pro:16.04:LTS / salt
Package
- Name
- salt
- Purl
- pkg:deb/ubuntu/salt@2015.8.8+ds-1ubuntu0.1+esm1?arch=src?distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2015.8.8+ds-1ubuntu0.1+esm1
Affected versions
2015.*
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"salt-cloud": "2015.8.8+ds-1ubuntu0.1+esm1",
"salt-common": "2015.8.8+ds-1ubuntu0.1+esm1",
"salt-syndic": "2015.8.8+ds-1ubuntu0.1+esm1",
"salt-ssh": "2015.8.8+ds-1ubuntu0.1+esm1",
"salt-master": "2015.8.8+ds-1ubuntu0.1+esm1",
"salt-doc": "2015.8.8+ds-1ubuntu0.1+esm1",
"salt-api": "2015.8.8+ds-1ubuntu0.1+esm1",
"salt-minion": "2015.8.8+ds-1ubuntu0.1+esm1",
"salt-proxy": "2015.8.8+ds-1ubuntu0.1+esm1"
}
]
}